General
-
Target
3ecee960f79e5c0c287bdf8e2255e6f51c889fae9870fa7689dd5048246fa574
-
Size
239KB
-
Sample
230923-3swv8acf35
-
MD5
f4f316e18bb57ea07f919150fb214251
-
SHA1
c3b4414af6e22c4c2a7650f5bba67afff85ac1ed
-
SHA256
3ecee960f79e5c0c287bdf8e2255e6f51c889fae9870fa7689dd5048246fa574
-
SHA512
c46dbbf66ccc0b877d6ab21fc418bcda47747990c19c6d0546dc904a9c0bc2a936d415be9d0d38ec56c5fcec5cccf1b298ea5a1ef1cb04967c0c71603a8b15af
-
SSDEEP
6144:yk46fuYXChoQTjlFgLuCY1dRuAOMmI9Efg1/w8y0:ytYzXChdTbv1bu76Xpw8y
Static task
static1
Behavioral task
behavioral1
Sample
3ecee960f79e5c0c287bdf8e2255e6f51c889fae9870fa7689dd5048246fa574.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
3ecee960f79e5c0c287bdf8e2255e6f51c889fae9870fa7689dd5048246fa574
-
Size
239KB
-
MD5
f4f316e18bb57ea07f919150fb214251
-
SHA1
c3b4414af6e22c4c2a7650f5bba67afff85ac1ed
-
SHA256
3ecee960f79e5c0c287bdf8e2255e6f51c889fae9870fa7689dd5048246fa574
-
SHA512
c46dbbf66ccc0b877d6ab21fc418bcda47747990c19c6d0546dc904a9c0bc2a936d415be9d0d38ec56c5fcec5cccf1b298ea5a1ef1cb04967c0c71603a8b15af
-
SSDEEP
6144:yk46fuYXChoQTjlFgLuCY1dRuAOMmI9Efg1/w8y0:ytYzXChdTbv1bu76Xpw8y
-
Detect rhadamanthys stealer shellcode
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-