hijackloader | d72e2b176358299b9d09c11b3d654e575777d96beac99e9c1ccebe5ab2523c24 | Triage

Sharing

General

Target

98BC892EA45510099A0B91646A3A0A4E.exe
Size

1.3MB
Sample

240516-ld6y7sed89
MD5

98bc892ea45510099a0b91646a3a0a4e
SHA1

75b11dc9b520e53ef6ec9009afdf8e41fdaa0e09
SHA256

d72e2b176358299b9d09c11b3d654e575777d96beac99e9c1ccebe5ab2523c24
SHA512

a43683bfc093803859175115af427babfc8e7a35d3a9da24ff0aca54161b34f43cc4c566d06b3169c304532dbeb67ee6f366d0fa62b01f08f82b67f8cd1c4dec
SSDEEP

24576:xtneZf0GdlLQXjOrBcDQmTNpuTg+uKlGp0B0WbCWyOVyOckiAhUcMkiAhUcXuUP:xtexLQTOmDlNpEhB0crVriKUXKUXUP

Score

10^/10

hijackloader stealc cozy7 loader spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

cozy7

C2

http://89.105.198.134

Attributes

url_path
/244cbe83570df263.php

Targets

- Target
  
  98BC892EA45510099A0B91646A3A0A4E.exe
- Size
  
  1.3MB
- MD5
  
  98bc892ea45510099a0b91646a3a0a4e
- SHA1
  
  75b11dc9b520e53ef6ec9009afdf8e41fdaa0e09
- SHA256
  
  d72e2b176358299b9d09c11b3d654e575777d96beac99e9c1ccebe5ab2523c24
- SHA512
  
  a43683bfc093803859175115af427babfc8e7a35d3a9da24ff0aca54161b34f43cc4c566d06b3169c304532dbeb67ee6f366d0fa62b01f08f82b67f8cd1c4dec
- SSDEEP
  
  24576:xtneZf0GdlLQXjOrBcDQmTNpuTg+uKlGp0B0WbCWyOVyOckiAhUcMkiAhUcXuUP:xtexLQTOmDlNpEhB0crVriKUXKUXUP
Score

10^/10

hijackloader stealc cozy7 loader spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hijackloaderstealccozy7loaderspywarestealer

behavioral2

hijackloaderstealccozy7loaderspywarestealer