rhadamanthys | c2b605991631fbd4227cefee857bb023fe19d620ece85f875e2e555997ca3d20 | Triage

Submit
Reports

Overview

overview

Static

static

3

mmpack/mmpack.exe

windows10-2004-x64

Sharing

General

Target

mmpack (2024).rar
Size

30.0MB
Sample

240923-frj4pswgna
MD5

fec3fddba5b9ef2ce17814f975f836ad
SHA1

1329a78d9af3eb472d66e39b2d0673689cc019c9
SHA256

c2b605991631fbd4227cefee857bb023fe19d620ece85f875e2e555997ca3d20
SHA512

a2d4ffb24b27447b3faa224f0fe810097197b27fffe9b55777cedad23330dcf663e57a5c48521558b53213b6157907ff79df45f3c188a88c6527c1075b4b9f24
SSDEEP

786432:PJ3436x5w8lv7mMDI4M1cTPpMnaxlMKBc0HNdAGNJ:BXdS8LMK1VPxc0tdzJ

Score

10^/10

rhadamanthys xmrig discovery evasion execution miner persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mmpack/mmpack.exe

Resource

win10v2004-20240802-en

rhadamanthys xmrig discovery evasion execution miner persistence stealer upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

rhadamanthys

C2

https://api.assasasasasas.shop/c40a79fd692ba05/jvjt0idu.tvxhs

Targets

- Target
  
  mmpack/mmpack.exe
- Size
  
  785.9MB
- MD5
  
  17fa54200d0a4a000d5efbf602b8a0e6
- SHA1
  
  b843e32e8116bf481a25c2849cc14e9df89e902d
- SHA256
  
  d3fa6f22e10ed36f833ce25a16f7bf93eaf0c5e9b5e3ddd5203c73c11a98e71b
- SHA512
  
  b25e8ec4d0e0b28aa51c15fc6394b807faba9b2004921e0186f380a72249a24cbb129d2c71a5a6dcd67485c7954524729151b360161b34602b6bc9fb90c7ca1b
- SSDEEP
  
  49152:bvvAQlU+7RzxP5z5ASE3MkiGgFDXtuCsVsvcrb6FMbSuvUkt77:s6RzxP5z5A93MkiGgFLtuCtvcrbXUo77
Score

10^/10

rhadamanthys xmrig discovery evasion execution miner persistence stealer upx
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

rhadamanthysxmrigdiscoveryevasionexecutionminerpersistencestealerupx

© 2018-2024

Terms | Privacy