Resubmissions

  • 19-06-2024 21:00  240619-ztfnva1fkd  10
  • 19-06-2024 20:53  240619-zpdnpawalj  10
  • 19-06-2024 20:28  240619-y876zazfpd  10

General

  • Target: hijackloader_stealc_new_hash.exe
  • Size: 922KB
  • Sample: 240619-ztfnva1fkd
  • MD5: 4081d00fabf6ba8e9eb58202ea053735
  • SHA1: 22afaf01961b36e741d104bd3b96ce8df4fbf519
  • SHA256: ef62979af506ec3ac2c176bc667465940ca4a1e4f8229e0bc992fec715d43ae8
  • SHA512: 1434efa23afd3cb95d0a55a17b246cbee0179072660ce0458701cf9b3b8075217b0864be09a2bbc428c2b9f2253cace6361f874ad8f1d2f472f9f34bd0bc4eda
  • SSDEEP: 24576:e8inyEBCZN5hoVlnJXzJ/SEVSoMAALia4:DgABuxF/SRF4

Malware Config

Extracted

  • Family: stealc
  • Botnet: cozy15
  • C2: http://193.163.7.88
  • Attributes
      • url_path: /a69d09b357e06b52.php

Targets

    • Target: hijackloader_stealc_new_hash.exe
    • Size: 922KB
    • MD5: 4081d00fabf6ba8e9eb58202ea053735
    • SHA1: 22afaf01961b36e741d104bd3b96ce8df4fbf519
    • SHA256: ef62979af506ec3ac2c176bc667465940ca4a1e4f8229e0bc992fec715d43ae8
    • SHA512: 1434efa23afd3cb95d0a55a17b246cbee0179072660ce0458701cf9b3b8075217b0864be09a2bbc428c2b9f2253cace6361f874ad8f1d2f472f9f34bd0bc4eda
    • SSDEEP: 24576:e8inyEBCZN5hoVlnJXzJ/SEVSoMAALia4:DgABuxF/SRF4

    Signatures

    • Detects HijackLoader (aka IDAT Loader)
    • HijackLoader: HijackLoader is a multistage loader first seen in 2023.
    • Stealc: Stealc is an infostealer written in C++.
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks