General
Target: mp.exe
Size: 9.2MB
Sample: 240612-r3q7yayelh
MD5: bbc886e8c9dde33980c382263b7ce8b8
SHA1: a5953c53277cfb3db60f8060fe6d69ca87dc8ee4
SHA256: 6f08d25994d6b37a4c711033e6b949ab66c15914952eb4c86efa504f727af635
SHA512: f247523b095cd3259a18ec2866491385326d8ae92b4cba0f068822b06730c9b7a15b9773ac0cd043a7b06655b0fe29d9cca7d6559c4ce0f9241f0abfab592bee
SSDEEP: 196608:wssBSXxz17OxBaQR5MetJ05SuN1qpJ1pRONksJp:wssBSXxzIBaQR525do1pRbkp
Behavioral task: behavioral1
Sample: mp.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: mp.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted: stealc
xprivate4
http://45.88.77.186
url_path: /93fc676dbd45174b.php
Targets
Target: mp.exe
Score: 10/10
Signatures:
- Detects HijackLoader (aka IDAT Loader)
- Deletes itself
- Suspicious use of SetThreadContext