0154c4f510f40ca2aeba63df6b998f40c59dc787e50dec9e39e6baccbf2b7ae7 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

HMCL-3.5.8.249.jar

windows11-21h2-x64

8

Resubmissions

22/07/2024, 18:34

240722-w7qt7a1hnp 1

22/07/2024, 18:21

240722-wzj2nszhpe 8

Sharing

Copy URL Twitter E-mail

General

Target

HMCL-3.5.8.249.jar
Size

4.6MB
Sample

240722-wzj2nszhpe
MD5

d26a16de693a9fa841d2c64fb500f9c1
SHA1

6d6baf9f6b96526785659a5f940277e95d97252f
SHA256

0154c4f510f40ca2aeba63df6b998f40c59dc787e50dec9e39e6baccbf2b7ae7
SHA512

ad3e1ad02456e018b6c93ccab0759f4d978670c94e7e145d5449138efdc769ffab4e5820ca2fc257014fe344db05a6b66cc1f2a319ad95a8f40f651bca125997
SSDEEP

98304:ZL5ScSlFchZD9YIZMTAuOBiJMWz86ixcnQDlT5z/ni:ZwlShN9U0DcWWnQh9zK

Score

8^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

HMCL-3.5.8.249.jar

Resource

win11-20240709-en

spyware stealer

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  HMCL-3.5.8.249.jar
- Size
  
  4.6MB
- MD5
  
  d26a16de693a9fa841d2c64fb500f9c1
- SHA1
  
  6d6baf9f6b96526785659a5f940277e95d97252f
- SHA256
  
  0154c4f510f40ca2aeba63df6b998f40c59dc787e50dec9e39e6baccbf2b7ae7
- SHA512
  
  ad3e1ad02456e018b6c93ccab0759f4d978670c94e7e145d5449138efdc769ffab4e5820ca2fc257014fe344db05a6b66cc1f2a319ad95a8f40f651bca125997
- SSDEEP
  
  98304:ZL5ScSlFchZD9YIZMTAuOBiJMWz86ixcnQDlT5z/ni:ZwlShN9U0DcWWnQh9zK
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy