Overview

overview

10

Static

static

3

TidyMe.exe

windows7-x64

7

TidyMe.exe

windows10-2004-x64

10

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

3

LICENSE.electron.txt

windows7-x64

1

LICENSE.electron.txt

windows10-2004-x64

1

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

TidyMe.exe

windows7-x64

7

TidyMe.exe

windows10-2004-x64

7

chrome_100...nt.pak

windows7-x64

3

chrome_100...nt.pak

windows10-2004-x64

3

chrome_200...nt.pak

windows7-x64

3

chrome_200...nt.pak

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

icudtl.dat

windows7-x64

3

icudtl.dat

windows10-2004-x64

3

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

locales/af.pak

windows7-x64

3

locales/af.pak

windows10-2004-x64

3

locales/am.pak

windows7-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TidyMe.zip

  • Size

    71.3MB

  • Sample

    240708-nhvg3swfpq

  • MD5

    d2136eef938dfcb645ca2524163b584e

  • SHA1

    fa36bf38c20ef719996b63a85e35f79a3120d912

  • SHA256

    479f024e77b53300da8dd0e0d0243dca32af5c1aefaa2f254127bc59f2901d93

  • SHA512

    65ff0a484d2a42ab18ecb917d94c07e5934570a46202e7da3f82af6961b3149f33b079900794bd3e1c974ebb8235bed7ed2f54ddcc8a4489cfd41228461087e4

  • SSDEEP

    1572864:6+PWbPoz0ZoBzCTaorbRx8CCIK+BQVcYVXP/RGvB5klUQTAO5n4D7h5pXk:4bnk1oXK1KQVcYVX6klU0Aqa7PZk

Score
10/10
hijackloaderstealcmeowsterioland4discoveryloaderstealer

Malware Config

Extracted

Family

stealc

Botnet

meowsterioland4

C2

http://46.8.238.240

Attributes
  • url_path

    /201a735ed890db75.php

Targets

    • Target

      TidyMe.bin

    • Size

      71.6MB

    • MD5

      3bf79b657c35c672751d980213baaaf1

    • SHA1

      4cf7d2d660110ab44fba2f564bcb3ce40b026807

    • SHA256

      6b30a6026b7cc60a3cce4db9ae2461af86c3a0ec81d29c3397cfad69b7878754

    • SHA512

      5442964091322e4ca8f3fbb327dab27647af3762cef0f2aaa8cab33ee0ceaa73f59ad2e5593bcdb48c49e5ed9027970f24cf0a0a4b90b8681ae76abe11f40757

    • SSDEEP

      1572864:gePkJopD1LOyqK3yf555SMbDaanxGb8zL5VWtUYv6f87M+mTnMpcOqD:ge3pDkKQj5DmanxGSL5VWWhfmMBMpcDD

    Score
    10/10
    discoveryhijackloaderstealcmeowsterioland4loaderstealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    1/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/app-64.7z

    • Size

      70.7MB

    • MD5

      3ffffd470f1dd6b44a52ae29a9bd105c

    • SHA1

      dcabc58eb8c156c2b79053cc710e2a9b820c112d

    • SHA256

      adc513c48cd959732f95a403b623a3e3103e82531be23c842a36b9cfc5966529

    • SHA512

      0f35e0e012c0459623a262fb65cad470d23e04c23c5b9a29986f974bbab8b63048f2014b2049568a4deaa9a38531ee48700ba8eeeea0d64cef9cff6cee80a478

    • SSDEEP

      1572864:zPkJopD1LOyqK3yf555SMbDaanxGb8zL5VWtUYv6f87M+mTnMpcOqG:z3pDkKQj5DmanxGSL5VWWhfmMBMpcDG

    Score
    3/10
    behavioral10behavioral9

    • Target

      LICENSE.electron.txt

    • Size

      1KB

    • MD5

      4d42118d35941e0f664dddbd83f633c5

    • SHA1

      2b21ec5f20fe961d15f2b58efb1368e66d202e5c

    • SHA256

      5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

    • SHA512

      3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

    Score
    1/10
    behavioral11behavioral12

    • Target

      LICENSES.chromium.html

    • Size

      6.5MB

    • MD5

      796505037e030807d9ddd01c93eb353b

    • SHA1

      79a1eac3b505e6d94a6206d4a5198d3cc11ab038

    • SHA256

      9f3f2b4d9bbd3113486839eca85de119fab766450cdca08a4574b80748885708

    • SHA512

      9435273a4541a579a427a295be47af8b81133896f50c97bab1d8ab391089f90186a7fd057b53e8b74829e4747e98428d8b4d242eb6854b1304a94a2891c2fd11

    • SSDEEP

      24576:8Pjy5WjWSpgDrAV8gmfwN6i6w6C6g6T+gH3BMbp0W:oJDN

    Score
    1/10
    behavioral13behavioral14

    • Target

      TidyMe.exe

    • Size

      150.7MB

    • MD5

      0771b3d0b51d227be62e2e61275cf43e

    • SHA1

      005e0fca1a0712cc244a7c95e6e8e06b6df79ba5

    • SHA256

      db3298bb7f3637c5fbbf9370cc5dafdde8f4f4e51c3377ded584cbb373a15e74

    • SHA512

      bd3556ddb142f8fd066e4a6aa52849c980b7121d7746db97376804cbac937ff3e41807a02d65f92cd48098f2a1ffe6b9c23046d087128bdf62f3b5cf58360308

    • SSDEEP

      1572864:PlAhthKM29V6LLWANUB9IinJn1cpGN4vM+JlhrZnQ9I4FdUrczKrk4Ze2OC2+:ktSD64Jnqrt5v2

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral15behavioral16

    • Target

      chrome_100_percent.pak

    • Size

      126KB

    • MD5

      d31f3439e2a3f7bee4ddd26f46a2b83f

    • SHA1

      c5a26f86eb119ae364c5bf707bebed7e871fc214

    • SHA256

      9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

    • SHA512

      aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

    • SSDEEP

      3072:5KzwqCT4waJL2myFhPNL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:5Kzwt4LwmU3K18Gb0OV8ld0GecQ3f2

    Score
    3/10
    behavioral17behavioral18

    • Target

      chrome_200_percent.pak

    • Size

      175KB

    • MD5

      5604b67e3f03ab2741f910a250c91137

    • SHA1

      a4bb15ac7914c22575f1051a29c448f215fe027f

    • SHA256

      1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

    • SHA512

      5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

    • SSDEEP

      3072:+DQYaEQN6AJPRJL2myFhPNafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:+DQYaNN68RwmU0gx5GMRejnbdZnVE6YR

    Score
    3/10
    behavioral19behavioral20

    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      cb9807f6cf55ad799e920b7e0f97df99

    • SHA1

      bb76012ded5acd103adad49436612d073d159b29

    • SHA256

      5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

    • SHA512

      f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

    • SSDEEP

      49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI

    Score
    1/10
    behavioral21

    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      00ffabbb9438a0da15a021451a9c2d0d

    • SHA1

      4bb79fe2b09962c6c46b70d7dfb1f9d9604a22dc

    • SHA256

      aad7e7ac9d74ac18892801950c9728e9c4eacd3b676cbb5d6f63382da2ce0559

    • SHA512

      989d8d0afd3ce64c65a90d1046f28b19e5b125f8b5a565b76b8c950d152d3b9a57d68126888321c7cd8a4985249c1ec649c453e7501aaa4ff60d9662afd85f34

    • SSDEEP

      49152:cqMAAYNDEmcTfAZMHkwfPYX6Edxhi1uGaVrFY7Q9b5hpN3lzl3hHLNoJX:cGDfRMHR8rFYU5hNA

    Score
    1/10
    behavioral22behavioral23

    • Target

      icudtl.dat

    • Size

      10.0MB

    • MD5

      76bef9b8bb32e1e54fe1054c97b84a10

    • SHA1

      05dfea2a3afeda799ab01bb7fbce628cacd596f4

    • SHA256

      97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

    • SHA512

      7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

    • SSDEEP

      196608:p5zwSv9AAyse6liXUxCGZHa93Whlw6ZCXU0:pyKlysTliXUxCGZHa93Whlw6ZCX1

    Score
    3/10
    behavioral24behavioral25

    • Target

      libEGL.dll

    • Size

      473KB

    • MD5

      ef4291ace01485ee773183ee3c1ed5c4

    • SHA1

      9c9d32813a733ebceb25c0dbb9f85ef27f6e0a0f

    • SHA256

      85f238fb7ace3cbdf7c29c72b01307c440f13491b07a509cbc5b9f257a637164

    • SHA512

      a98bfe1845a712943687f0b20d1904bae1b6836ea37f8a2053872f938dceb2f391fadd3db034c0b8563c0b1ab3d4506d13b613ed51780ef10e813c085c830f82

    • SSDEEP

      6144:VTv0fq4dz9B4x4w/jvtGW9ZST3BypG48yOnb4pgsHVlAYnReZRO8:VTN4dNw/jvtGW9c3BypaagYnKRO

    Score
    1/10
    behavioral26behavioral27

    • Target

      libGLESv2.dll

    • Size

      7.2MB

    • MD5

      60e42e83b260582fc96aaf43293d99e1

    • SHA1

      c548a10873f9a57e18c7fbb1fe89685f4cf1ba84

    • SHA256

      25d49934fc220b169cadeb21fc99dc2a8fb1dd5a4f244265799392f0f5f2f8f8

    • SHA512

      6a905e2b9427fb6e4a53080afdc2ae9dc32c54aab5460f88f7d3fd16e7e9a841d332057f58942d54defe91361a54d3cbedba295399cead754f353f80f92f238b

    • SSDEEP

      49152:Rs95E5fqF3q/xEpLJgw7yQj1+lSWsucneTA4fwEmN428bbvbgNqay6q/iyGtxJe5:2lq3ZieHhogDbBztUecv7r7frgsOMG

    Score
    1/10
    behavioral28behavioral29

    • Target

      locales/af.pak

    • Size

      340KB

    • MD5

      198092a7a82efced4d59715bd3e41703

    • SHA1

      ac3cdfba133330fce825816b2f9579ac240dc176

    • SHA256

      d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba

    • SHA512

      590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

    • SSDEEP

      6144:ptbDrUln/WiOvz9P5D4uEmv0XPjC6nAcbaK6pgwwexhsVxS42K6tA3pU5tpwDw44:ptfOOiOvzg/mCPjC6nAcbipgwwePSS4C

    Score
    3/10
    behavioral30behavioral31

    • Target

      locales/am.pak

    • Size

      551KB

    • MD5

      952933d2d388683c91ee7eaa7539e625

    • SHA1

      7a0f5a10d7d61c32577c0d027db8c66c27e56c7d

    • SHA256

      55357baf28716a73f79ac9a6af1ae63972eb79f93c415715518027fc5c528504

    • SHA512

      5aa5ef0ed1da98b36840389e694dc5dcef496524314b61603d0c5ee03a663bb4c753623fb400792754b51331df20ac6d9cf97c183922f19fc0072822688f988d

    • SSDEEP

      12288:WcWln6HuPPL8xJTgWHsEaYM5g9yaAVmHukPQyx30jH8+I:WR6YL8xOWHbaYM5g9yaAVmvPQ+

    Score
    3/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

hijackloaderstealcmeowsterioland4discoveryloaderstealer
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
7/10

behavioral16

Score
7/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10