Resubmissions
02-07-2024 14:21
240702-rpd1fswfjg 1002-07-2024 14:17
240702-rly68awejc 130-06-2024 11:06
240630-m7vzgawhlb 530-06-2024 11:02
240630-m45phazdqr 130-06-2024 10:28
240630-mhyn3aweng 830-06-2024 10:28
240630-mhvx6szbqm 130-06-2024 09:41
240630-lpaedawbne 129-06-2024 10:40
240629-mqs4jswbkg 1029-06-2024 10:40
240629-mqnh3ayerk 429-06-2024 09:28
240629-lfc4xaxfrj 1General
-
Target
https://github.com
-
Sample
240629-mqs4jswbkg
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com
Resource
win10-20240404-en
Malware Config
Extracted
xworm
5.0
0X3uXfrw3ONnrDeQ
-
install_file
USB.exe
-
pastebin_url
https://pastebin.com/raw/H3wFXmEi
Extracted
asyncrat
0.5.8
T
20.199.8.16:1726
31FGTEWnaxDE
-
delay
3
-
install
false
-
install_file
SeacrhIndexer
-
install_folder
%AppData%
Extracted
asyncrat
0.5.8
Y
20.199.8.16:1726
eYLuHMmPZK7A
-
delay
3
-
install
false
-
install_file
SeacrhIndexer
-
install_folder
%AppData%
Targets
-
-
Target
https://github.com
-
Detect Xworm Payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
5Hide Artifacts
2Hidden Files and Directories
2Subvert Trust Controls
1Install Root Certificate
1