General

  • Target

    snss1.exe

  • Size

    1.0MB

  • Sample

    240611-cgf3hs1apj

  • MD5

    ffdc69212e6267315ce7fc7c5e8b517c

  • SHA1

    d1e6c1a2acf1877439f207d6377987f5a13756e9

  • SHA256

    939b4ad64a2fee79a9c587e6ba51da1a91776bc0ba981d6bfdf4ce4e9d38692a

  • SHA512

    1a0f2e83397c7bef5e88b0a59321533f33154546594a8710dad8fbd4bccca67969787cdf73f2afb7155cd59742af50dd1bee88ed35eec4f2a2a41d34710dca0d

  • SSDEEP

    24576:9e5/rpVXDp3l86eK7m02hxLF6QY4JVz4/bL9rpLJA0vk:MHw1KwJIQYUkjJV+n

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    dex9

  • C2

    http://45.132.105.157

  • Attributes

    url_path: /eb155c7506e03ca9.php

Targets

    • Target

      snss1.exe

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks