hijackloader | 6f08d25994d6b37a4c711033e6b949ab66c15914952eb4c86efa504f727af635 | Triage

Submit
Reports

Overview

overview

Static

static

mp.exe

windows7-x64

mp.exe

windows10-2004-x64

Resubmissions

13-06-2024 03:14

240613-drjrtswcqk 10

12-06-2024 14:43

240612-r3q7yayelh 10

Sharing

General

Target

mp.exe
Size

9.2MB
Sample

240612-r3q7yayelh
MD5

bbc886e8c9dde33980c382263b7ce8b8
SHA1

a5953c53277cfb3db60f8060fe6d69ca87dc8ee4
SHA256

6f08d25994d6b37a4c711033e6b949ab66c15914952eb4c86efa504f727af635
SHA512

f247523b095cd3259a18ec2866491385326d8ae92b4cba0f068822b06730c9b7a15b9773ac0cd043a7b06655b0fe29d9cca7d6559c4ce0f9241f0abfab592bee
SSDEEP

196608:wssBSXxz17OxBaQR5MetJ05SuN1qpJ1pRONksJp:wssBSXxzIBaQR525do1pRbkp

Score

10^/10

hijackloader stealc xprivate4 loader stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mp.exe

Resource

win7-20231129-en

hijackloader stealc xprivate4 loader stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

mp.exe

Resource

win10v2004-20240611-en

hijackloader stealc xprivate4 loader stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

xprivate4

C2

http://45.88.77.186

Attributes

url_path
/93fc676dbd45174b.php

Targets

- Target
  
  mp.exe
- Size
  
  9.2MB
- MD5
  
  bbc886e8c9dde33980c382263b7ce8b8
- SHA1
  
  a5953c53277cfb3db60f8060fe6d69ca87dc8ee4
- SHA256
  
  6f08d25994d6b37a4c711033e6b949ab66c15914952eb4c86efa504f727af635
- SHA512
  
  f247523b095cd3259a18ec2866491385326d8ae92b4cba0f068822b06730c9b7a15b9773ac0cd043a7b06655b0fe29d9cca7d6559c4ce0f9241f0abfab592bee
- SSDEEP
  
  196608:wssBSXxz17OxBaQR5MetJ05SuN1qpJ1pRONksJp:wssBSXxzIBaQR525do1pRbkp
Score

10^/10

hijackloader stealc xprivate4 loader stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hijackloaderstealcxprivate4loaderstealer

behavioral2

hijackloaderstealcxprivate4loaderstealer

© 2018-2024

Terms | Privacy