General

  • Target

    snss2.zip

  • Size

    3.8MB

  • Sample

    240806-a6ql5sxgja

  • MD5

    1f6b746089714cd9021896c8f63f8296

  • SHA1

    3d93825f6122be69ed59ba87f96c48b1eb3052e3

  • SHA256

    84cb265ff3b5bd7774b1c513247a24c13162965eaa79d0856ca04050c24767bb

  • SHA512

    dd90798bfe75621bd6274c53ad2d2a9d0afd62bcfd93abe63b2d26599c3e97451f9217774be5a476c8e7a9d89608e1e648a3e1a5b82c05d691695ebf4e25e29f

  • SSDEEP

    98304:6YV+I7a6xgk9s1mZFrTjApvd989d8t92RsdyqnNg:VV977xgM0AA/989yQEJnq

Malware Config

Targets

    • Target

      snss2.exe

    • Size

      4.1MB

    • MD5

      8f3ada84646389b58a1d56563590e15d

    • SHA1

      2230612bc79af9cf5d3f9a90dec4e25e1e6bd337

    • SHA256

      0eb210de184746374c86e743311787898f2df55c03e0ea5466b3a07a4db7325b

    • SHA512

      fb536028de46484c2b2e751c21a03eb1db6022d88d9cc0d800c580bd3696b79b4d769f5c9bfcf911149f875319b1f0dfaa656ce471b59b6db05e5475a0a01a60

    • SSDEEP

      98304:ZvMOJ+qABAVZvTrFbpKyXTp/8zf8R9Mr4/Eof:Z0ONk2ZPqyN/8zUs6d

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks