hijackloader | 844e22dd38a08217c64322ee018ea293ede53e660b79e841417b78ec8a28d0e9 | Triage

Submit
Reports

Overview

overview

Static

static

59d0282fcb...c6.exe

windows7-x64

59d0282fcb...c6.exe

windows10-2004-x64

Sharing

General

Target

59d0282fcb01a6735aca82dfaf1098c6.exe
Size

4.3MB
Sample

240501-jlyxfsdb62
MD5

59d0282fcb01a6735aca82dfaf1098c6
SHA1

affbbb62e498264858f37b6b540e952371a17831
SHA256

844e22dd38a08217c64322ee018ea293ede53e660b79e841417b78ec8a28d0e9
SHA512

4449b3b6408fe112197f7b9405ba24eaaab294d13c661f3386b97fb0332c8bfba6c2daec8ec023a24732f55b330fc46b9ec93585a074e64bbb2aecd1e539f510
SSDEEP

98304:lfgl8Ig4nttHq4oaU/7jigBljWiqSmhJQ62W/ok6f/R4H6:l4KIJtaFBwiqhJSW/le/u6

Score

10^/10

hijackloader stealc loader stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

59d0282fcb01a6735aca82dfaf1098c6.exe

Resource

win7-20240215-en

hijackloader stealc loader stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

59d0282fcb01a6735aca82dfaf1098c6.exe

Resource

win10v2004-20240419-en

hijackloader stealc loader stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://193.163.7.88

Attributes

url_path
/a69d09b357e06b52.php

Targets

- Target
  
  59d0282fcb01a6735aca82dfaf1098c6.exe
- Size
  
  4.3MB
- MD5
  
  59d0282fcb01a6735aca82dfaf1098c6
- SHA1
  
  affbbb62e498264858f37b6b540e952371a17831
- SHA256
  
  844e22dd38a08217c64322ee018ea293ede53e660b79e841417b78ec8a28d0e9
- SHA512
  
  4449b3b6408fe112197f7b9405ba24eaaab294d13c661f3386b97fb0332c8bfba6c2daec8ec023a24732f55b330fc46b9ec93585a074e64bbb2aecd1e539f510
- SSDEEP
  
  98304:lfgl8Ig4nttHq4oaU/7jigBljWiqSmhJQ62W/ok6f/R4H6:l4KIJtaFBwiqhJSW/le/u6
Score

10^/10

hijackloader stealc loader stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hijackloaderstealcloaderstealer

behavioral2

hijackloaderstealcloaderstealer

© 2018-2024

Terms | Privacy