General
Target: snss2.exe
Size: 7.7MB
Sample: 240611-cggztazejc
MD5: 3a856193d7f5204896257205ffbe19bf
SHA1: a9f0f06ca0828076b76edd913e5c8429d7bb2ca3
SHA256: 8ab04f749508030f388cbbe218bfaf32490673793c066d4e1002b6ad56f78c1e
SHA512: 0d3a2468f130e1431e7ef57f0021e14ecc91399addf6f6648cb689d45bd162f0f3a9931807aa4c69e341a3e49bbe63a9c04dbc841cfc7c4b36c023f7e114b63a
SSDEEP: 98304:3RjBDuX7yiW2cTYuVEWilcAiKS6m4goQ1v5zzG1GM2h8LH7Bil63eAo3YLhQL7IC:3R1D1iQT3fnIGMZ7Bil63r6YLEurIvZf
Behavioral task: behavioral1
Sample: snss2.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: snss2.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: snss2.exe
Size: 7.7MB
Score: 10/10
- Detects HijackLoader (aka IDAT Loader)
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Suspicious use of SetThreadContext