General
-
Target
snss2.zip
-
Size
3.8MB
-
Sample
240806-a6ql5sxgja
-
MD5
1f6b746089714cd9021896c8f63f8296
-
SHA1
3d93825f6122be69ed59ba87f96c48b1eb3052e3
-
SHA256
84cb265ff3b5bd7774b1c513247a24c13162965eaa79d0856ca04050c24767bb
-
SHA512
dd90798bfe75621bd6274c53ad2d2a9d0afd62bcfd93abe63b2d26599c3e97451f9217774be5a476c8e7a9d89608e1e648a3e1a5b82c05d691695ebf4e25e29f
-
SSDEEP
98304:6YV+I7a6xgk9s1mZFrTjApvd989d8t92RsdyqnNg:VV977xgM0AA/989yQEJnq
Behavioral task
behavioral1
Sample
snss2.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
snss2.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
snss2.exe
-
Size
4.1MB
-
MD5
8f3ada84646389b58a1d56563590e15d
-
SHA1
2230612bc79af9cf5d3f9a90dec4e25e1e6bd337
-
SHA256
0eb210de184746374c86e743311787898f2df55c03e0ea5466b3a07a4db7325b
-
SHA512
fb536028de46484c2b2e751c21a03eb1db6022d88d9cc0d800c580bd3696b79b4d769f5c9bfcf911149f875319b1f0dfaa656ce471b59b6db05e5475a0a01a60
-
SSDEEP
98304:ZvMOJ+qABAVZvTrFbpKyXTp/8zf8R9Mr4/Eof:Z0ONk2ZPqyN/8zUs6d
Score
10/10
-
Detects HijackLoader (aka IDAT Loader)
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes itself
-
Suspicious use of SetThreadContext
-