Overview

overview

10

Static

static

10

1aeb3a19d4...27.exe

windows7-x64

10

1aeb3a19d4...27.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1aeb3a19d439d8a4a00313d12f463827.exe

  • Size

    989KB

  • Sample

    240629-2h8ats1grr

  • MD5

    1aeb3a19d439d8a4a00313d12f463827

  • SHA1

    beedd7366e1ef168595d800ebe013067c78775de

  • SHA256

    b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d

  • SHA512

    074c2316d385feb4c78e6068a8fbf37d570bb9ee87a69b76bc3878a1b18eb9f97ca6511709008dcc60158d0dc81395adaed5e309d0266ed7713e7e5e4e442422

  • SSDEEP

    24576:liG03BDYmHDQKcdE2v4jtaUN4cDHZgboRxRprGE:oJYuHTI4jJJObkf

Score
10/10
hijackloaderstealcnight26loaderspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

night26

C2

http://188.130.207.35

Attributes
  • url_path

    /0b92e7ab19e861f9.php

Targets

    • Target

      1aeb3a19d439d8a4a00313d12f463827.exe

    • Size

      989KB

    • MD5

      1aeb3a19d439d8a4a00313d12f463827

    • SHA1

      beedd7366e1ef168595d800ebe013067c78775de

    • SHA256

      b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d

    • SHA512

      074c2316d385feb4c78e6068a8fbf37d570bb9ee87a69b76bc3878a1b18eb9f97ca6511709008dcc60158d0dc81395adaed5e309d0266ed7713e7e5e4e442422

    • SSDEEP

      24576:liG03BDYmHDQKcdE2v4jtaUN4cDHZgboRxRprGE:oJYuHTI4jJJObkf

    Score
    10/10
    hijackloaderstealcnight26loaderspywarestealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks