Overview

overview

10

Static

static

3

PartyWorld.exe

windows7-x64

10

PartyWorld.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PartyWorld.exe.zip

  • Size

    71.0MB

  • Sample

    240801-zesd4azglh

  • MD5

    5db57012914cdc754ae281adb6d3ce56

  • SHA1

    34c737eb2ad7332ad139f1bc5774b4bfa78acbdf

  • SHA256

    36e76789ad487eb20044a1b7f80cf3f5e96037221f2122a2d6e68b77388c5e4c

  • SHA512

    9fd1866cc61abcbcf1149b0ec21215e6950237b9437e22235f0b0cb22f3b7fcfa6e837a333c8e7f536a315d8a14ea1b74a32ec7b25a17ee55be133586bee351a

  • SSDEEP

    1572864:wQXumZL5ok9OcZtYFj2aAUJ3uDsbuJ4GZrg3G97BF:ZumZdDUOYFjxAEuDau4GNgw/

Score
10/10
hijackloaderstealcmeowsterioland1credential_accessdiscoveryloaderspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

meowsterioland1

C2

http://45.152.112.131

Attributes
  • url_path

    /8ee66a3c8f19e4b5.php

Targets

    • Target

      PartyWorld.exe

    • Size

      71.2MB

    • MD5

      0defc6f478324d079a54245f147a0680

    • SHA1

      94513265b2448ebd88f8afc0ce77fd27a523f016

    • SHA256

      5528e226b747abad7e843e6d7f92f48dda13f626a766285b2e889bd8fc746b12

    • SHA512

      68c9a3680f5e1b92f0e386af62257ba53242d725b36db3302f868ad1f29471b1603e85a85ff61bcaaa1d9b75c596456f8a1837c81ed1d66b3a72e337fbb92f03

    • SSDEEP

      1572864:C8PkJopdGml3yf5C8wuiNwiwj3CT3JCO+IsuzW0u5KkkacMqk:C83pdGmlQe5Nwhj30Jf1NCKrac5k

    Score
    10/10
    hijackloaderstealcmeowsterioland1discoveryloaderstealercredential_accessspyware

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks