hijackloader | 6d3da611ddf750a9445e040cfae4a6c09f333f18f124dedf42bd2235f9405406 | Triage

Submit
Reports

Overview

overview

Static

static

hijackload...sh.exe

windows10-2004-x64

Sharing

General

Target

hijackloader_stealc_new_hash.exe
Size

922KB
Sample

240619-1dstxasenf
MD5

8839a2699343f7756f66a81a6baea1a7
SHA1

589e64aacc11f8b530a8c5408d51ca65d103205b
SHA256

6d3da611ddf750a9445e040cfae4a6c09f333f18f124dedf42bd2235f9405406
SHA512

3cffd09b4a646c4e3e1b46f6d38b088df6ca74a40bccb2c807d4027bec9878813d246ec82e4ebb408eb9e497651fb80d86cfabc62251edb8068b4a2f1644db0d
SSDEEP

24576:e8inPEBCZN5hoVlnJXzJ/SEVSoMAALia4:Dg5BuxF/SRF4

Score

10^/10

hijackloader stealc cozy15 loader stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

hijackloader_stealc_new_hash.exe

Resource

win10v2004-20240508-en

hijackloader stealc cozy15 loader stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

cozy15

C2

http://193.163.7.88

Attributes

url_path
/a69d09b357e06b52.php

Targets

- Target
  
  hijackloader_stealc_new_hash.exe
- Size
  
  922KB
- MD5
  
  8839a2699343f7756f66a81a6baea1a7
- SHA1
  
  589e64aacc11f8b530a8c5408d51ca65d103205b
- SHA256
  
  6d3da611ddf750a9445e040cfae4a6c09f333f18f124dedf42bd2235f9405406
- SHA512
  
  3cffd09b4a646c4e3e1b46f6d38b088df6ca74a40bccb2c807d4027bec9878813d246ec82e4ebb408eb9e497651fb80d86cfabc62251edb8068b4a2f1644db0d
- SSDEEP
  
  24576:e8inPEBCZN5hoVlnJXzJ/SEVSoMAALia4:Dg5BuxF/SRF4
Score

10^/10

hijackloader stealc cozy15 loader stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hijackloaderstealccozy15loaderstealer

© 2018-2024

Terms | Privacy