General

  • Target

    snss2.exe

  • Size

    7.7MB

  • Sample

    240611-cggztazejc

  • MD5

    3a856193d7f5204896257205ffbe19bf

  • SHA1

    a9f0f06ca0828076b76edd913e5c8429d7bb2ca3

  • SHA256

    8ab04f749508030f388cbbe218bfaf32490673793c066d4e1002b6ad56f78c1e

  • SHA512

    0d3a2468f130e1431e7ef57f0021e14ecc91399addf6f6648cb689d45bd162f0f3a9931807aa4c69e341a3e49bbe63a9c04dbc841cfc7c4b36c023f7e114b63a

  • SSDEEP

    98304:3RjBDuX7yiW2cTYuVEWilcAiKS6m4goQ1v5zzG1GM2h8LH7Bil63eAo3YLhQL7IC:3R1D1iQT3fnIGMZ7Bil63r6YLEurIvZf

Malware Config

Targets

    • Target

      snss2.exe

    • Size

      7.7MB

    • MD5

      3a856193d7f5204896257205ffbe19bf

    • SHA1

      a9f0f06ca0828076b76edd913e5c8429d7bb2ca3

    • SHA256

      8ab04f749508030f388cbbe218bfaf32490673793c066d4e1002b6ad56f78c1e

    • SHA512

      0d3a2468f130e1431e7ef57f0021e14ecc91399addf6f6648cb689d45bd162f0f3a9931807aa4c69e341a3e49bbe63a9c04dbc841cfc7c4b36c023f7e114b63a

    • SSDEEP

      98304:3RjBDuX7yiW2cTYuVEWilcAiKS6m4goQ1v5zzG1GM2h8LH7Bil63eAo3YLhQL7IC:3R1D1iQT3fnIGMZ7Bil63r6YLEurIvZf

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks