General

  • Target

    LisectAVT_2403002A_207.exe

  • Size

    5.4MB

  • Sample

    240724-3v7qhavcqq

  • MD5

    af0196851c9279e5260a065bb8f0303a

  • SHA1

    9fc63107b27e24184e0b28a717639f6ba590ac3e

  • SHA256

    78e428ffa6d4bbcd4306de8f487d58316193cf7e6f56fca39e32859c2920b782

  • SHA512

    211106407975ae5b7fef0cb6ee94137308e01bd6036243730a99f89f5b94c65ef3a90b57b3ea6f7d86b1ebf15220197e971b11666f7b97c742c4d985bf9dac3b

  • SSDEEP

    98304:tNe3owTB0iX3gFtwFmvS/1wPVeBEecJkUv6LzS3vv3jirr3jjWiTaOvifviOr8IG:tU3owTB9X3atwFk1VeBEeEkTbI0nctaP

Malware Config

Targets

    • Target

      LisectAVT_2403002A_207.exe

    • Size

      5.4MB

    • MD5

      af0196851c9279e5260a065bb8f0303a

    • SHA1

      9fc63107b27e24184e0b28a717639f6ba590ac3e

    • SHA256

      78e428ffa6d4bbcd4306de8f487d58316193cf7e6f56fca39e32859c2920b782

    • SHA512

      211106407975ae5b7fef0cb6ee94137308e01bd6036243730a99f89f5b94c65ef3a90b57b3ea6f7d86b1ebf15220197e971b11666f7b97c742c4d985bf9dac3b

    • SSDEEP

      98304:tNe3owTB0iX3gFtwFmvS/1wPVeBEecJkUv6LzS3vv3jirr3jjWiTaOvifviOr8IG:tU3owTB9X3atwFk1VeBEeEkTbI0nctaP

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks