Resubmissions

13-06-2024 03:14

240613-drjrtswcqk 10

12-06-2024 14:43

240612-r3q7yayelh 10

General

  • Target

    mp.exe

  • Size

    9.2MB

  • Sample

    240612-r3q7yayelh

  • MD5

    bbc886e8c9dde33980c382263b7ce8b8

  • SHA1

    a5953c53277cfb3db60f8060fe6d69ca87dc8ee4

  • SHA256

    6f08d25994d6b37a4c711033e6b949ab66c15914952eb4c86efa504f727af635

  • SHA512

    f247523b095cd3259a18ec2866491385326d8ae92b4cba0f068822b06730c9b7a15b9773ac0cd043a7b06655b0fe29d9cca7d6559c4ce0f9241f0abfab592bee

  • SSDEEP

    196608:wssBSXxz17OxBaQR5MetJ05SuN1qpJ1pRONksJp:wssBSXxzIBaQR525do1pRbkp

Malware Config

Extracted

Family

stealc

Botnet

xprivate4

C2

http://45.88.77.186

Attributes
  • url_path

    /93fc676dbd45174b.php

Targets

    • Target

      mp.exe

    • Size

      9.2MB

    • MD5

      bbc886e8c9dde33980c382263b7ce8b8

    • SHA1

      a5953c53277cfb3db60f8060fe6d69ca87dc8ee4

    • SHA256

      6f08d25994d6b37a4c711033e6b949ab66c15914952eb4c86efa504f727af635

    • SHA512

      f247523b095cd3259a18ec2866491385326d8ae92b4cba0f068822b06730c9b7a15b9773ac0cd043a7b06655b0fe29d9cca7d6559c4ce0f9241f0abfab592bee

    • SSDEEP

      196608:wssBSXxz17OxBaQR5MetJ05SuN1qpJ1pRONksJp:wssBSXxzIBaQR525do1pRbkp

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Stealc

      Stealc is an infostealer written in C++.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks