General

  • Target

    Sunlogin.msi.v

  • Size

    64.5MB

  • Sample

    241003-bnt3aaxapj

  • MD5

    f26bb6eacd8f68fe70e3e333684412e3

  • SHA1

    91a5794e05543636aae47bccfff5ec6c31eaafb5

  • SHA256

    6778731439d35e8ba56caca738098ed7b573cf47296ff728b9e86f1896ce0ad9

  • SHA512

    737a53b3ae861a2f37c277dfbb627a2c0aca8cd82c3292ba9bca6c0c5c6c004f0a7bc0ac7afbc6ec6312a9b013d383fb682263cf4ccf263f4e517963dd845d4f

  • SSDEEP

    1572864:4xP1QIFHSGmzvXBSeBoRtGt3I/pfI/QOem+Gbbg1Hehpybkc:451dynvXBfSnXvVNB+/H

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies Windows Firewall

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks