General
- Target: JaffaCakes118_ea73ef397ac6fb9c0bef8b7df8f8d952e4de3cb0dc207c411564de53e5fed270
- Size: 784.9MB
- Sample: 241223-z54j2s1phz
- MD5: e8458ffdeb74037013babec723bed5b9
- SHA1: 6f286cf8019d12e44e5316ff9c977b316aa45e38
- SHA256: ea73ef397ac6fb9c0bef8b7df8f8d952e4de3cb0dc207c411564de53e5fed270
- SHA512: 393bf123ec916aa0e0bb673b8a4ce94553aa8ba0faab1dad566c68a06201702cb645a3c80554a773f3e76075363426e87cd87fe6acf32ab9c725485d89aa2cad
- SSDEEP: 98304:U+eRiRmEKSe9MrFMXHoO0it7mkvoO0F8obO:JeMeS0ZIdooOAA
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_ea73ef397ac6fb9c0bef8b7df8f8d952e4de3cb0dc207c411564de53e5fed270.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_ea73ef397ac6fb9c0bef8b7df8f8d952e4de3cb0dc207c411564de53e5fed270.exe
- Resource: win10v2004-20241007-en
Malware Config
- Extracted: rhadamanthys
- https://195.74.86.133:8754/c0ce23b5aec743c595fe43/d5nfjwa5.wtd5k
Targets
- Target: JaffaCakes118_ea73ef397ac6fb9c0bef8b7df8f8d952e4de3cb0dc207c411564de53e5fed270
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
-