Overview

overview

10

Static

static

10

snss2.bin.exe

windows7-x64

10

snss2.bin.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    snss2.bin.exe

  • Size

    7.4MB

  • Sample

    240804-j95d5s1blq

  • MD5

    afea68327bd3cb05fea2420848065499

  • SHA1

    e057f60b9e54b139e2fdbc63b141533c4946c8d5

  • SHA256

    039b95904c2dacfb2fd0798010837023349478dbbb9f70bf52a2f79e4735b5b4

  • SHA512

    be1c174bdbff87c38299c880ac93d4959d8048817439511bec59c281f9f1f773d501017cc52963da82ce8941eecd2cf002ed44dc34e3bd4e7ba6b8eec50c9dbb

  • SSDEEP

    98304:fiMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwPgo3dkvmnXX:Ki68xQ+zLJOZwjgZ7Utc2X

Score
10/10
hijackloaderrhadamanthysdiscoveryloaderstealer

Malware Config

Targets

    • Target

      snss2.bin.exe

    • Size

      7.4MB

    • MD5

      afea68327bd3cb05fea2420848065499

    • SHA1

      e057f60b9e54b139e2fdbc63b141533c4946c8d5

    • SHA256

      039b95904c2dacfb2fd0798010837023349478dbbb9f70bf52a2f79e4735b5b4

    • SHA512

      be1c174bdbff87c38299c880ac93d4959d8048817439511bec59c281f9f1f773d501017cc52963da82ce8941eecd2cf002ed44dc34e3bd4e7ba6b8eec50c9dbb

    • SSDEEP

      98304:fiMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwPgo3dkvmnXX:Ki68xQ+zLJOZwjgZ7Utc2X

    Score
    10/10
    hijackloaderdiscoveryloaderrhadamanthysstealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks