Overview

overview

10

Static

static

10

snss2.exe

windows7-x64

10

snss2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    snss2.exe

  • Size

    7.7MB

  • Sample

    240611-cggztazejc

  • MD5

    3a856193d7f5204896257205ffbe19bf

  • SHA1

    a9f0f06ca0828076b76edd913e5c8429d7bb2ca3

  • SHA256

    8ab04f749508030f388cbbe218bfaf32490673793c066d4e1002b6ad56f78c1e

  • SHA512

    0d3a2468f130e1431e7ef57f0021e14ecc91399addf6f6648cb689d45bd162f0f3a9931807aa4c69e341a3e49bbe63a9c04dbc841cfc7c4b36c023f7e114b63a

  • SSDEEP

    98304:3RjBDuX7yiW2cTYuVEWilcAiKS6m4goQ1v5zzG1GM2h8LH7Bil63eAo3YLhQL7IC:3R1D1iQT3fnIGMZ7Bil63r6YLEurIvZf

Score
10/10
hijackloaderrhadamanthysloaderspywarestealer

Malware Config

Targets

    • Target

      snss2.exe

    • Size

      7.7MB

    • MD5

      3a856193d7f5204896257205ffbe19bf

    • SHA1

      a9f0f06ca0828076b76edd913e5c8429d7bb2ca3

    • SHA256

      8ab04f749508030f388cbbe218bfaf32490673793c066d4e1002b6ad56f78c1e

    • SHA512

      0d3a2468f130e1431e7ef57f0021e14ecc91399addf6f6648cb689d45bd162f0f3a9931807aa4c69e341a3e49bbe63a9c04dbc841cfc7c4b36c023f7e114b63a

    • SSDEEP

      98304:3RjBDuX7yiW2cTYuVEWilcAiKS6m4goQ1v5zzG1GM2h8LH7Bil63eAo3YLhQL7IC:3R1D1iQT3fnIGMZ7Bil63r6YLEurIvZf

    Score
    10/10
    hijackloaderloaderspywarestealerrhadamanthys

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks