hijackloader

Resubmissions

19-07-2024 16:44

240719-t9bryatfme 10

02-05-2024 07:54

240502-jrj1gseg96 10

Sharing

Copy URL

Twitter E-mail

General

Target

Vortax App Setup.exe
Size

47.3MB
Sample

240502-jrj1gseg96
MD5

cab622641242a6f2fcbb8a1ae2698fd2
SHA1

9d56b54643706787c16f0cae4e9e565c1e1a49ec
SHA256

f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843
SHA512

324ad8a7669d15ef19d0c1d7b362d17f2118414b4e8672921fe45994db0425200a38e26fc4c169ecb19f7c4aa8233fc5dfd32c3cb32e600cc031139d0e530cf1
SSDEEP

786432:MXCn7F7DZHw0SLuXUG6fssNb8ReGJqznv+DGODFjupn5oZfikV6PH2fLbTvkw0Y7:MyRPZQ5LKQ0sNGWO1FpZf+PH67vkoGKL

Score

10^/10

Malware Config

Extracted

Family

stealc

http://89.105.198.134

Attributes

url_path
/244cbe83570df263.php

Targets

- Target
  
  Vortax App Setup.exe
- Size
  
  47.3MB
- MD5
  
  cab622641242a6f2fcbb8a1ae2698fd2
- SHA1
  
  9d56b54643706787c16f0cae4e9e565c1e1a49ec
- SHA256
  
  f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843
- SHA512
  
  324ad8a7669d15ef19d0c1d7b362d17f2118414b4e8672921fe45994db0425200a38e26fc4c169ecb19f7c4aa8233fc5dfd32c3cb32e600cc031139d0e530cf1
- SSDEEP
  
  786432:MXCn7F7DZHw0SLuXUG6fssNb8ReGJqznv+DGODFjupn5oZfikV6PH2fLbTvkw0Y7:MyRPZQ5LKQ0sNGWO1FpZf+PH67vkoGKL
Score

10^/10

hijackloader rhadamanthys stealc discovery loader spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of NtCreateUserProcessOtherParentProcess
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  d095b082b7c5ba4665d40d9c5042af6d
- SHA1
  
  2220277304af105ca6c56219f56f04e894b28d27
- SHA256
  
  b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
- SHA512
  
  61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
- SSDEEP
  
  192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  50016010fb0d8db2bc4cd258ceb43be5
- SHA1
  
  44ba95ee12e69da72478cf358c93533a9c7a01dc
- SHA256
  
  32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
- SHA512
  
  ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
- SSDEEP
  
  48:S46+/pTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8m/ofjLl:zbuPbO5tCZBVEAWyMEFv2CmCL
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral4
- Target
  
  Accessibility.dll
- Size
  
  20KB
- MD5
  
  fb554f9fe0b91f135d26ac6459cfd6f2
- SHA1
  
  b1269a2c28bded872b14fe70b69484631ef3a65d
- SHA256
  
  929ea150ad45b7c7dd5427461fbec44d43b67c08081f59b42b6abf570feae271
- SHA512
  
  8dffde6cddfc59ec380111fd36048126559e1f1e080c081ca0d09021bb23d6888e93e1659c7b3a8fa46f76602b03cf3e638ec1a80fba79e51648dcb32362e10c
- SSDEEP
  
  384:qBmy0h6gSGRaOcHitWG/W65kHRN7lI+R9zJKBd:7SNOcHOUOi9zEBd
Score

1^/10
behavioral5
- Target
  
  D3DCompiler_47_cor3.dll
- Size
  
  4.7MB
- MD5
  
  03a60a6652caf4f49ea5912ce4e1b33c
- SHA1
  
  a0d949d4af7b1048dc55e39d1d1260a1e0660c4f
- SHA256
  
  b23e7b820ed5c6ea7dcd77817e2cd79f1cec9561d457172287ee634a8bd658c3
- SHA512
  
  6711d40d171ea200c92d062226a69f33eb41e9232d74291ef6f0202de73cf4dc54fbdd769104d2bb3e89dc2d81f2f2f3479e4258a5d6a54c545e56b07746b4c4
- SSDEEP
  
  49152:xCZnRO4XyM53Rkq4ypQqdoRpmrgBVYvkaRwv/ZD0/WYLDltog/RfznLeHTRhFRNI:YG2QCS6HHzog/pznA7T6VP
Score

1^/10
behavioral6
- Target
  
  DirectWriteForwarder.dll
- Size
  
  526KB
- MD5
  
  69044c681ea1eedca54d13ed97e1452a
- SHA1
  
  f4fbb066afa38be160fc4462994b2cdb67af5cca
- SHA256
  
  778936b5baf157c3a040955bc637936952e7b68c5aff83536d4b613ed9691cde
- SHA512
  
  4aed9e46d1670e6b85254bf905e4bcc53e3fa9d7e1b29d434c86ee42feb90a992e80057ad476ee4561389368ed8308e9f9548012d85dec26dcda9dc2ecb766d8
- SSDEEP
  
  6144:PQd8G8WEjiXSMYhtsOljgEk+hY8rY2JQT296UKf12fzfOqpo0EVbn95n3i1+wZ:P5G8WEjiX/Yvh0E9rY2NDJO0Cbn9d3S5
Score

1^/10
behavioral7
- Target
  
  Microsoft.CSharp.dll
- Size
  
  982KB
- MD5
  
  8e7612cc8019d952a93d9b777e71b802
- SHA1
  
  d973dfb790614e9a5e7c3ce8b421c085d11937ed
- SHA256
  
  df495f74456ad5ae30a5bac440b4d3808fa2d13c377cce1afc0146b8319ded6e
- SHA512
  
  3a818940d3c6f5da11bc86c974a54323ae2a1ad876613790ffe68aa5b674c54e5de0c133614236f45a89de86a5547cae4f8e6f2c97d7874221b2b1a285e14355
- SSDEEP
  
  24576:XUpXJ0Hy8Ext+9whtbSa0wHVu9yH1sCzwUD/zD:EpXiHyN++tbLzHVu9yHXPjH
Score

1^/10
behavioral8
- Target
  
  Microsoft.DiaSymReader.Native.amd64.dll
- Size
  
  1.8MB
- MD5
  
  804b9539f7be4ece92993dc95c8486f5
- SHA1
  
  ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c
- SHA256
  
  76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b
- SHA512
  
  146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2
- SSDEEP
  
  24576:qz0s9kT3H8I0bo5rjwjnbRCJMy37DjZ3IrVynoT/RUqtMAIEohkGXTwImgP:qYs9m3H5rjQn1CiAnZ3yV+oTZQEoTTH
Score

1^/10
behavioral9
- Target
  
  Microsoft.VisualBasic.Core.dll
- Size
  
  1.2MB
- MD5
  
  3a037c21af5742650933cebf0521f3d6
- SHA1
  
  8b22127c4feb185c5d02d83b5f1fe3815821036c
- SHA256
  
  34271825351d9871583dead758b44676ef2bac56c4b7ac7124fadb087ea44f6e
- SHA512
  
  3451bd4b3053d3834f07fc1d0d6a691fdadab2b7290d1ad21b48e9f319249aac89455b1caea463beb4b2910b90b7f8a518221b2f3b0e3863beca3104030c8ee3
- SSDEEP
  
  24576:qFMvfAlbPZy4jHHa2frxkxRecGSIsRv3i6hFqQX:qFMvolTvHHa2DqT3i4
Score

1^/10
behavioral10
- Target
  
  Microsoft.VisualBasic.Forms.dll
- Size
  
  242KB
- MD5
  
  79fe89013356423a12f52fb8a09a54c7
- SHA1
  
  3e5fda4b2c8d3b41c9b88404a01a2b8dcfd06ebe
- SHA256
  
  62878ad85c315f06a00f7f1f543bba3f411838e80fb7bfe4d6f6ec935930efdc
- SHA512
  
  3a3d927a7944b40fcc6990c94574eb42b1e7fcbbd29f405d0dc5471c63549c63f7b7c61a3d17c2fd33cfc21c4bab0492e6532b6542cb4d24e10bd9dd0bb249d3
- SSDEEP
  
  6144:K6IA96ZdbZRjEtB5dzAbxbDme2NUIPOzQI:f9MbYZdGpgUwOcI
Score

1^/10
behavioral11
- Target
  
  Microsoft.VisualBasic.dll
- Size
  
  18KB
- MD5
  
  e5ce0f3a5d15d8b6693724c40197a9fe
- SHA1
  
  2e0b6bfdbb5c185ca71fe1d5b5f0eab18d568471
- SHA256
  
  9d20ca17355838ff3d2f3c89fbaf7c705bd01d297d1eb589489a84f6430da894
- SHA512
  
  3b87f295c1d914dc1ae95798e2ee1fcef40dc0ab1688ec247d4c2c777c253912980ecc8bfba11f0327a9d8bda9c1c36752de9ba936cba902ccb4cbfa7e82a26d
- SSDEEP
  
  384:+2gfnShxL2GlzxWmHr9QdWTTb2HRN7AxR9zr75:+5n6lZlzX/iA79zh
Score

1^/10
behavioral12
- Target
  
  Microsoft.Win32.Primitives.dll
- Size
  
  15KB
- MD5
  
  300c95ff95b52e8a02fec6bfcfa58225
- SHA1
  
  b646f89fcd463ad5c19889b4fea40540568b780c
- SHA256
  
  f1b40565e5c4c41da810aee5b7d2272a0906e88f796812435aa5ed712bcac40c
- SHA512
  
  9bfe0eb6eea98b2d35aa42986a273ec82424143965e173b32bb4b7e5537580a027940a6952a45fc54f0b665e871deb2a95651106c2f24c7de3b3d3cd2dec7e89
- SSDEEP
  
  192:Vi0pAxFWh/pWYuWXebPpUNTQHnhWgN7agWlnfEl+X01k9z3AE1a9Fb4hk6gn:ViMeFWh/pWYTb2HRN7cY+R9zF1aLchkv
Score

1^/10
behavioral13
- Target
  
  Microsoft.Win32.Registry.AccessControl.dll
- Size
  
  34KB
- MD5
  
  8ed7b1aa897a85bd5619220f28be88ef
- SHA1
  
  539839a6fc00d462340d569fff8f42b06010df8f
- SHA256
  
  9ee0d84655655e39ede6d23aed940c98a3a8eb6270d878b252ea1720f750cead
- SHA512
  
  2caacc3f8b5084effeac526873365697f72e242fbaa71a94fe5e739dbfe5dd35a85ad618d31d2ddc65d648c3f2f5ad436d14f9d4bcaa813e88e4bf1643e3a196
- SSDEEP
  
  384:FWFPrWFVHFcKRKbUWTb2HRN7Jr+Hj+R9zjj2X:M6FvRKbH/iwHji9zY
Score

1^/10
behavioral14
- Target
  
  Microsoft.Win32.Registry.dll
- Size
  
  118KB
- MD5
  
  b69cd4e54d44e1d73ebe2c1a492dff43
- SHA1
  
  44739e4f0a64cd1dce73afddae1e27c20e663757
- SHA256
  
  e1c83bc80e79863e80cfaca350291ae5bdf942c59f39e812770039bdaa660ac9
- SHA512
  
  9aaf53d69401175f35f079b031806266ec419170205a0291f38986a4b1cc39704f1e081ff18d178b0fb9d9b5eaceca60384e7e1fa2eeaaab88b2e157a1f8e667
- SSDEEP
  
  3072:5vauwrxjsbG4TJ6UJSvEVcULVi8AiC1HLP:AQ64t6UJSvEVzIlb
Score

1^/10
behavioral15
- Target
  
  Microsoft.Win32.SystemEvents.dll
- Size
  
  94KB
- MD5
  
  089edcaae873c9371b2dc9a4399f62b9
- SHA1
  
  441686e76986ecf295e50e80a78dc093dc9f9a02
- SHA256
  
  c81a58bd27c74f91e26245c530c4cadc5425a1a1586886c6a5631eef9d81fde2
- SHA512
  
  6b88f9264fdbbb0585efa21940fc888c593862ebb3bd305890294f64b37a81967a8ab2fbba30aa3f5db2994c25c57929df1644e269be898b77c77d4c0181f943
- SSDEEP
  
  1536:BF0vV+d5uN62jM2HHdKCqN/4IGrtsD3jvSD7Tir+zr:Bav8d8N5jpH0QIGrYjW7l3
Score

1^/10
behavioral16
- Target
  
  PenImc_cor3.dll
- Size
  
  158KB
- MD5
  
  362e037c4be1cb28fac25612e9be029d
- SHA1
  
  4a11ab39dbd0dba5480f54324c58f8294b19ce5f
- SHA256
  
  f95b51b5bee746ea3430a277f0473f42e4e22fc12b8dbfc719346cee579b80ff
- SHA512
  
  945b6cc6cba7742323b6cc023eb78b227180bf8a0f8c134871948410b48d9399ae68f52ef80e18945fb018508f92ae6da9584c75c6f12fe06f6e86fdea4611d6
- SSDEEP
  
  3072:OzAUq2kMBlUb8BQLBzDUw7aaHSuEmUgPuoATZ+AiRvYY4ZmoJ:OzHkMTvmLtDUw2huEmd2LbYvi
Score

1^/10
behavioral17
- Target
  
  PresentationCore.dll
- Size
  
  8.1MB
- MD5
  
  54a9ea4491aeee137812644020edf11c
- SHA1
  
  0f37d038a55de37f21ac7766445db834a4c4be9d
- SHA256
  
  0c4fe5ce21bfb23509f3193a32baa41418495d17566c8001a6089366f02c997f
- SHA512
  
  4f0fe93075a1624d8ce943587f9e9279dbbd0ef555e16a5f959dc4cfc186a4efcf0606d9b787b0d051d589e16265130fce7e3af48188a77ae1751473e555b39b
- SSDEEP
  
  98304:cydX7XPKirgh87l92RB9ZlssbECcj538M/YbaHvskr:cCj7H2T9Z+sACcj538M/5Hv1
Score

1^/10
behavioral18
- Target
  
  PresentationFramework-SystemCore.dll
- Size
  
  38KB
- MD5
  
  e068ab2203ec174d6beff4d3aeaceff6
- SHA1
  
  7e97708718523b2763db3a8d565b80e1ea2fabcc
- SHA256
  
  bcf0a82ed887754a9f757370bf640b2958ba4224540cc212a7beaa6ec69a3ad2
- SHA512
  
  12ebf2ced7088dee33f6186731c34b7100df7f112c9b248a043f1d56947ccab32e95fe39eb89d74d781c33219edf219766a1f17ddec754c460ea4aaa8be24160
- SSDEEP
  
  384:v9WOL+8J5jfHlx8uQ7YADw7j7UnPYT5kHRN7DUR9zOA:7yejfHlx8uQ7g7j7Ac9zl
Score

1^/10
behavioral19
- Target
  
  PresentationFramework-SystemData.dll
- Size
  
  34KB
- MD5
  
  df27fdb4821fcec67409f8339897ffa0
- SHA1
  
  6fe1f3cec9118ef2f32d0c26848b56db2e9e1262
- SHA256
  
  44fea2ffd9539324fb152448aace4069a16c0659f88e880426cb0d294257c0b0
- SHA512
  
  da9a2e63c5d3c61c10f6bcec211d6c16e5d465e4acbdd77b84c935414cb880ded26b37e19d514b655db194781c020dfd05db5132a6a7ca6daf60c38a9f29dfa0
- SSDEEP
  
  384:W99We7U38mYOqmMUIKRxo5kasgThHDTb2HRN7hL7/sWAR9zgP4:I8AHcgtj/il4L9zh
Score

1^/10
behavioral20
- Target
  
  PresentationFramework-SystemDrawing.dll
- Size
  
  34KB
- MD5
  
  dc9732ad3060a97783634d74f0346993
- SHA1
  
  4c4e4980d6c8a4ad85ebf65c59e862de3701b067
- SHA256
  
  64f6604fe859028f49340916e233f13482d3db1bc00db40115e1e682962cdd21
- SHA512
  
  35e2528b160f457d47d6a260d6961881ebc856c44954d2ccd48be6ddf163ac3f72d9d5927ef9df3d088398cbcb3953d4dd0de3ce850adafa476615e7c7514d18
- SSDEEP
  
  384:0adWvS3Xsvy48q9kCcr6K9mN9xAhPS5kHRN74NNPR9zulJW:QcXsaEHoPTM9zk4
Score

1^/10
behavioral21
- Target
  
  PresentationFramework-SystemXml.dll
- Size
  
  34KB
- MD5
  
  e5e01a112a8fe6926515e2dc9bcf8f76
- SHA1
  
  1d2080a026e708f0ac581547f79bc92ecc932bd4
- SHA256
  
  b11df1284dd69b60277ad7c649c0a1391853c30d1633eb7bc66815b5b57cb0cb
- SHA512
  
  bdd4fa8c7c17d1353fde6bbcd8d9bf7e47e3b3736e324b122d3d044bd4de847768476684af0452999171d8ae3db753718a97eec0e17d580a2e6d3b3992740fd9
- SSDEEP
  
  384:7dW7u+AEtRPrLfOx+GtH6fDo6YL4CFkTb2HRN7SW1KcYR9zd3eC5I:yTXPrSKk6m41/ib1Kn9zkCy
Score

1^/10
behavioral22
- Target
  
  PresentationFramework-SystemXmlLinq.dll
- Size
  
  30KB
- MD5
  
  f46145c2eefaf9236ef55bb891f2549f
- SHA1
  
  aeb4f62f51aedc382b65919a433348032e230509
- SHA256
  
  e9e261830c076dec42f01374921501ef3a83fcc79a474b4da6ad0249c9777be0
- SHA512
  
  73c2378a29f3e5ef2e058caa209f235b5077a1133cf16b5ff9f78c03b69455aed2b7cf58399517351dae4b8262abcf768617bdc1a04312be14cc7988e3d050d4
- SSDEEP
  
  384:ldWvyiIyBk0HulEDk8hPTb2HRN7fO+Hj+R9zjjeh:kuyBVRDk0/if5Hji9zG
Score

1^/10
behavioral23
- Target
  
  PresentationFramework.Aero.dll
- Size
  
  434KB
- MD5
  
  956da05fa28aec596b2e01d8215fdcc8
- SHA1
  
  d94cfcc50d162b7109d970431e43ce4962025999
- SHA256
  
  24b81eee5b918fd6b0fb2ad88dbf1cc694f908b28acabc47d5f01a634804f7ac
- SHA512
  
  d74da48cfa9b6614c7d11c640506bbdf87721dee92073292b43537be030abfecc873fa67575ff297bf486129bcce8d15005ab79d92d2a204c5faa5b36eccd86d
- SSDEEP
  
  6144:Q98rwxxnoe9afYia26hCI9kiadVkVPtfOlu:Qhzn19uzaFhCI9kiMkP1
Score

1^/10
behavioral24
- Target
  
  PresentationFramework.Aero2.dll
- Size
  
  438KB
- MD5
  
  b4d3c2885f8a61e7dd73bef12f958c8a
- SHA1
  
  4290d770add71dba12bf8d1f05adb5dbc3e18111
- SHA256
  
  e86faa34363508fc253f2a7e1261c4603cae57d5e91f663761a946efe11b538a
- SHA512
  
  b31a16ca71d228caf7bc30137bfed0eb7ea54d50ee85cb96272e2582d034ff3dd10ee7da6a06699f9b604721038fe613f1445ce31dd595d2d8ec72f37186c00e
- SSDEEP
  
  6144:F5fP7nVEPFm3kW5kTgraU9kioEBDPVPtfUUr:FxP7net7kkTgraU9kiLDPPR
Score

1^/10
behavioral25
- Target
  
  PresentationFramework.AeroLite.dll
- Size
  
  234KB
- MD5
  
  8bc611a7167eee966c126c294bfc4a42
- SHA1
  
  387c1f1c4283fc895c7408308bfafe4c5104fb6d
- SHA256
  
  c646fe54a9e2ee2349bdc25a3d3be095728b1d6bfa9743dc80829115b8169535
- SHA512
  
  3e2f900667fcb01b7a8b78915a8dd1f9c835ef9c3e441b1e548b1257fc3e7e3f3c62f33e5c376e0e998424d79bd89e52b0937354e49d1777ef8ebaafc86021c8
- SSDEEP
  
  3072:UU05HdISwFhxxtKriVWOFm7Y9Eq/2StV3feKu:r0JdINHdEq/ttV3i
Score

1^/10
behavioral26
- Target
  
  PresentationFramework.Classic.dll
- Size
  
  266KB
- MD5
  
  d094624d02409e8e3cff95c8b8df8f27
- SHA1
  
  5b889a894c61d08778c24ae2a290f9cfc2c79819
- SHA256
  
  f7dde4e6dc549e4cf4e884b2bc850ba9fac3c17971a729a249a3faaa6807fa31
- SHA512
  
  ec2ee1cc713eddd8db644ef2c26cbf7c3224ef48fc3d336963107a58407656e80ffc507f52f261e13b6cb2296c03ce903c35a453c76da171176bb62c8ac2b17d
- SSDEEP
  
  3072:dqHyX7U01FlqnpoHiD3r6E+w3os53UG4N14dBhcA:gSLU0PonpWTw4s53DI4n5
Score

1^/10
behavioral27
- Target
  
  PresentationFramework.Luna.dll
- Size
  
  654KB
- MD5
  
  c1806c9b2ff527c5e1e45d5f2e5ace7c
- SHA1
  
  66557c21c512826146a8141e6b76d2dd9f1cc37f
- SHA256
  
  04d6231f385ea8bd69dd0736e734c82130c812ba43a29ec887579737b220a8c2
- SHA512
  
  0f5ddcba338ff9e9f71bcfdf7303e16658660070e22659091e8a2c48dcb6723432acfdc68eb3a01e9769952d223ccdcd45b44af7a04c5e88be4cc1f6ae570039
- SSDEEP
  
  6144:kCx84tTzfaM1AgqQB7miOKyg1puryFj7SPgqfd77U4PQpUejSa9NLOQx+d:kUT7aMaSzOKy2r7SPN0UKS6Owy
Score

1^/10
behavioral28
- Target
  
  PresentationFramework.Royale.dll
- Size
  
  326KB
- MD5
  
  9ff70e0d720298a54f8e6ef0d150bcc7
- SHA1
  
  99aead2cbcacc039e4979142ca94134702852b58
- SHA256
  
  6ca46b29be2be63f2601778c29f6a409c2e38b6f6ee5c861b4169ac4c5b4d3a9
- SHA512
  
  5453b8048bc7150fb3e93d4121bcd810409a96c259c6557c5d10cfe9511b9b908a6d220046dd68a3dcf21febac7d8b481d12cdd188e270dced0529e9f410341e
- SSDEEP
  
  3072:ZB3+s+BvvfIPvH96Xcfb81vFdqjdaiFH7NgiAeYnFm4v7OdOcU1U76ccO:D1wInd6Xcfg9UjYrLv7fUOcZ
Score

1^/10
behavioral29
- Target
  
  PresentationFramework.dll
- Size
  
  15.4MB
- MD5
  
  ba6e68ef1f1265572d2a3fc021337f84
- SHA1
  
  ce444a26099be1e0ae0b711681a96a8f5e8b8d20
- SHA256
  
  ee16fa6feb06c981fcf32f21ca90bfd4d9f365d0e67ad9b3bbee6336cbf12e1c
- SHA512
  
  e00af2bdb786909cbbd690cb8922e16065f21cf31a2b64c7046ac0097593d5344035b1cdb46e3cd58183851eb4fc08ac7b39dbd252b3f6f05dbe52ad8d927172
- SSDEEP
  
  196608:mCMisQjg71DbFZPrmlwBdlc27RkwsnNRAU/y:mCM4jEDbFZPrmlw/lc2tgeUK
Score

1^/10
behavioral30
- Target
  
  PresentationNative_cor3.dll
- Size
  
  1.2MB
- MD5
  
  274761a595f86982214221b5685b3218
- SHA1
  
  b908013028cb07fb799de2e48b6492404add6069
- SHA256
  
  6d5910c0a0a4e3ee8863e4dadc73662d28ae9bfcda4a52960e26c1237386851a
- SHA512
  
  3f9cf3d8e428619b798374f2e2a6ef9cf4213428277a74306978552772aae1a4a9ae7247c2dc893c0054d480dda871bbd74b0bc4afd65b0f584958d501ed8867
- SSDEEP
  
  24576:hS6Z8wCW4XArBKSyuvy/VKg0v7E7lITY7vYUNli1sR/HD0MEWhuoNajzuIWMMMQg:h18wCbArBK3H0v7wITcQUNlf/HDtuog1
Score

1^/10
behavioral31
- Target
  
  PresentationUI.dll
- Size
  
  1.2MB
- MD5
  
  a8c64156aae90700e637b4d37e4744f8
- SHA1
  
  97c6aff2c92268f6dfe55a03e4c3867ef2506e23
- SHA256
  
  ee9e588dd3a3902f2f864c8dd7cb5fcab7c9fe3513af2b16f3a04c0d32eb306c
- SHA512
  
  fb1c22b8307d58fe261ffa7eb1573e0631e2d3ae8e5e92220ff66712548710435e175730623e8e2baf39010a28dd9d80b16d54b867928fdd94d37244d0b83143
- SSDEEP
  
  12288:3HDpeJwwGlyTcnsQfoVGd3HyG+lfpaZxu7YJszbxho/tn7JAqkFU1j:3leFGlyXQfoVGd3HglxOiyothoVKjFUJ
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detects HijackLoader (aka IDAT Loader)

Rhadamanthys

Stealc

Suspicious use of NtCreateUserProcessOtherParentProcess

.NET Reactor proctector

Accesses cryptocurrency files/wallets, possible credential harvesting

Downloads MZ/PE file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32