General
Target: 2025-03-29_de4c2b4fd1be0104eb1ff2dbb5fd8e88_amadey_karagany_rhadamanthys_smoke-loader
Size: 243KB
Sample: 250329-mb4xha1wgt
MD5: de4c2b4fd1be0104eb1ff2dbb5fd8e88
SHA1: 8409d7dbe95039a0914ab1880772d7a39705e7d2
SHA256: 3ff22427598437632ed294dccbde79e20eb5084eb6b0d7eb11555796fa67876c
SHA512: c34b36e9ad1038d8dfb7c7d23dfaa4d5e0056b2142ef1962ce50ad8e6d9219cb816cd7b4e7bac934a09764a12c0588aa7b5a57e7a61ba34fc337937e16149d1e
SSDEEP: 6144:PSncRlmWU91Ubp+f4nKvaQhcF7qI+xuZjwxB:q4MVgvhq
Behavioral task: behavioral1
Sample: 2025-03-29_de4c2b4fd1be0104eb1ff2dbb5fd8e88_amadey_karagany_rhadamanthys_smoke-loader.exe
Resource: win7-20241010-en
Malware Config
Extracted: xenorat
slimedang-64046.portmap.host
delay: 5000
install_path: temp
port: 64046
startup_name: winsvchost
Targets
Target: 2025-03-29_de4c2b4fd1be0104eb1ff2dbb5fd8e88_amadey_karagany_rhadamanthys_smoke-loader
- Detect XenoRat Payload
- Xenorat family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL