General

  • Target

    Sunlogin.exe.v

  • Size

    63.7MB

  • Sample

    240905-yaq5ssyenf

  • MD5

    b9afd1263513f787583b789e321d1d2f

  • SHA1

    9ced5b5ce89a9de80e65e1fd509d2141347c3e33

  • SHA256

    e6f03e0cb607f00a6604a3eabb942f5fa541fc2428838f674326a935feba621b

  • SHA512

    07f182523c2aad3350b109b7f3e7e9416767f785b41a3cf6c7121db46e9ea4697bbd0841160e88b1959027f414613ed5c12b78561acb1fbbccd905d591307da3

  • SSDEEP

    786432:bNOLwxvg0im7xP8tNA7RJlzOob13dT3mBspsQzS/bhu5UI798wJMwmnX0HGR5H:bNOLio0r71qAvUob135mzQzpUu/rmZF

Malware Config

Targets

    • Target

      Sunlogin.exe.v

    • Size

      63.7MB

    • MD5

      b9afd1263513f787583b789e321d1d2f

    • SHA1

      9ced5b5ce89a9de80e65e1fd509d2141347c3e33

    • SHA256

      e6f03e0cb607f00a6604a3eabb942f5fa541fc2428838f674326a935feba621b

    • SHA512

      07f182523c2aad3350b109b7f3e7e9416767f785b41a3cf6c7121db46e9ea4697bbd0841160e88b1959027f414613ed5c12b78561acb1fbbccd905d591307da3

    • SSDEEP

      786432:bNOLwxvg0im7xP8tNA7RJlzOob13dT3mBspsQzS/bhu5UI798wJMwmnX0HGR5H:bNOLio0r71qAvUob135mzQzpUu/rmZF

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      25KB

    • MD5

      40d7eca32b2f4d29db98715dd45bfac5

    • SHA1

      124df3f617f562e46095776454e1c0c7bb791cc7

    • SHA256

      85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

    • SHA512

      5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

    • SSDEEP

      384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E

    Score
    3/10
    • Target

      SunloginClient.exe

    • Size

      65.3MB

    • MD5

      92698c1a02e722c25e74a1bcabcfc330

    • SHA1

      cc5918bc8702954e3c7e15997f8e8f05ed4ee124

    • SHA256

      f36491f384c9bb0e10b19048246f0cd79130ee1c51fe30267f843f6ede409c8c

    • SHA512

      e34e767019c1a130d2f555dbd9547a7011fcb4b2ec9d46f85a6735e5658a474872525e7c3d553987ab9e260a7c3356de13ca0ac93c24b74ffd31a0a2d5a7e543

    • SSDEEP

      1572864:t+fXwg04ydo29UVjSg6CDfG3t23oiwMXRxCUbJlxV8OLq80VcBGC:t+vW4ZG6DC8ouCYJlxPq80VuN

    Score
    7/10
    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
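
The UPX signature fires on both large executables in this report. As an added example (not code from the report or from the sandbox vendor), the following Python walks a PE section table and reports the traits such a signature looks for: UPX0/UPX1 section names, a first section with zero raw size but a non-zero virtual size (the in-memory unpack destination), and the "UPX!" marker that stock UPX leaves in the header area. The field offsets are the documented PE layout; the sample images are constructed in memory, and the "renamed sections" case shows why a name check alone misses a modified UPX build.

```python
"""Heuristic UPX-packing check over a PE section table (added example)."""
import struct

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def parse_sections(image):
    """Return ([(name, virtual_size, raw_size), ...], end_of_section_table)."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)      # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        # Name(8) VirtualSize(4) VirtualAddress(4) SizeOfRawData(4)
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", image, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections, table + num_sections * SECTION_HEADER_SIZE


def upx_indicators(image):
    """List the UPX traits present; an empty list means nothing matched."""
    sections, table_end = parse_sections(image)
    hits = []
    upx_names = [n for n, _, _ in sections if n.upper().startswith("UPX")]
    if upx_names:
        hits.append("section names: " + ", ".join(upx_names))
    # UPX's first section (UPX0) is the unpack target: no bytes on disk,
    # a large virtual size. A renamed build keeps this shape.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first section has no raw data but 0x%x bytes virtual"
                    % sections[0][1])
    # Stock UPX stores its pack header, tagged "UPX!", in the header area
    # after the section table (assumption: we scan a 512-byte window).
    if b"UPX!" in image[table_end:table_end + 0x200]:
        hits.append("'UPX!' marker after section table")
    return hits


def build_pe(section_specs, header_tail=b""):
    """Construct a minimal headers-only PE32 image (constructed sample data)."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                      # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0,
                       opt_size, 0x102)  # i386, EXECUTABLE_IMAGE|32BIT
    optional = b"\x0b\x01" + b"\0" * (opt_size - 2)   # magic 0x10B, rest zero
    table = b""
    raw_ptr = 0x400
    for name, vsize, rsize in section_specs:
        table += struct.pack("<8sIIIIIIHHI",
                             name.encode()[:8].ljust(8, b"\0"), vsize, 0x1000,
                             rsize, raw_ptr if rsize else 0, 0, 0, 0, 0,
                             0xE0000040)
        raw_ptr += rsize
    return bytes(dos) + b"PE\0\0" + coff + optional + table + header_tail


# Constructed samples: stock UPX, a renamed ("modified UPX") build, and a clean file.
STOCK_UPX = build_pe([("UPX0", 0x2D000, 0), ("UPX1", 0x10000, 0xF800),
                      (".rsrc", 0x1000, 0x400)],
                     header_tail=b"\0" * 8 + b"UPX!" + b"\0" * 28)
RENAMED_UPX = build_pe([(".text", 0x2D000, 0), (".data", 0x10000, 0xF800)],
                       header_tail=b"\0" * 16 + b"UPX!")
CLEAN = build_pe([(".text", 0x3000, 0x3000), (".data", 0x800, 0x600)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX),
                       ("clean", CLEAN)):
        print(label, upx_indicators(img) or "no UPX indicators")
```

Run against a real file with `upx_indicators(open(path, "rb").read())`; the name check is the weakest of the three, so treat a hit on the raw-size/"UPX!" traits with renamed sections as a stronger packing indicator than a bare UPX0 name.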

MITRE ATT&CK Enterprise v15

Tasks