hijackloader | 32c3fd432328c206b814fbb96ba10d3b214ce37644cf727e9c4c56009893813c | Triage

Submit
Reports

Overview

overview

Static

static

1

download.js

windows11-21h2-x64

Sharing

General

Target

download
Size

456KB
Sample

240511-w9rjhaee55
MD5

38f54cad3620f8784b5fad06b8af5aec
SHA1

99cf7ea0f6456baeee6c69d6f9839e4b4048e432
SHA256

32c3fd432328c206b814fbb96ba10d3b214ce37644cf727e9c4c56009893813c
SHA512

73b30fd1e6f49315f3e59c2d08cfea2e0e2e3ae449d2f8a19d9ddd9d80bebab243f90294c9368d75aa62b312811ae663132b6a8d51abd3b0811b1a6300843447
SSDEEP

3072:C4yQa+N61ZK27lCdc4G2PiXAuMO0uZtHrJ2sKTmn:C4Ra+N61ZK27Oc4G28AuMO0uZ5rJ2yn

Score

10^/10

hijackloader stealc discovery execution loader spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

download.js

Resource

win11-20240508-en

hijackloader stealc discovery execution loader spyware stealer

windows11-21h2-x64

27 signatures

300 seconds

Malware Config

Extracted

Family

stealc

C2

http://89.105.198.116

Attributes

url_path
/192e1934359966f8.php

Targets

- Target
  
  download
- Size
  
  456KB
- MD5
  
  38f54cad3620f8784b5fad06b8af5aec
- SHA1
  
  99cf7ea0f6456baeee6c69d6f9839e4b4048e432
- SHA256
  
  32c3fd432328c206b814fbb96ba10d3b214ce37644cf727e9c4c56009893813c
- SHA512
  
  73b30fd1e6f49315f3e59c2d08cfea2e0e2e3ae449d2f8a19d9ddd9d80bebab243f90294c9368d75aa62b312811ae663132b6a8d51abd3b0811b1a6300843447
- SSDEEP
  
  3072:C4yQa+N61ZK27lCdc4G2PiXAuMO0uZtHrJ2sKTmn:C4Ra+N61ZK27Oc4G28AuMO0uZ5rJ2yn
Score

10^/10

hijackloader stealc discovery execution loader spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hijackloaderstealcdiscoveryexecutionloaderspywarestealer

© 2018-2024

Terms | Privacy