General
-
Target
PartyWorld.exe.zip
-
Size
71.0MB
-
Sample
240801-zesd4azglh
-
MD5
5db57012914cdc754ae281adb6d3ce56
-
SHA1
34c737eb2ad7332ad139f1bc5774b4bfa78acbdf
-
SHA256
36e76789ad487eb20044a1b7f80cf3f5e96037221f2122a2d6e68b77388c5e4c
-
SHA512
9fd1866cc61abcbcf1149b0ec21215e6950237b9437e22235f0b0cb22f3b7fcfa6e837a333c8e7f536a315d8a14ea1b74a32ec7b25a17ee55be133586bee351a
-
SSDEEP
1572864:wQXumZL5ok9OcZtYFj2aAUJ3uDsbuJ4GZrg3G97BF:ZumZdDUOYFjxAEuDau4GNgw/
Malware Config
Extracted
stealc
meowsterioland1
http://45.152.112.131
-
url_path
/8ee66a3c8f19e4b5.php
Targets
-
-
Target
PartyWorld.exe
-
Size
71.2MB
-
MD5
0defc6f478324d079a54245f147a0680
-
SHA1
94513265b2448ebd88f8afc0ce77fd27a523f016
-
SHA256
5528e226b747abad7e843e6d7f92f48dda13f626a766285b2e889bd8fc746b12
-
SHA512
68c9a3680f5e1b92f0e386af62257ba53242d725b36db3302f868ad1f29471b1603e85a85ff61bcaaa1d9b75c596456f8a1837c81ed1d66b3a72e337fbb92f03
-
SSDEEP
1572864:C8PkJopdGml3yf5C8wuiNwiwj3CT3JCO+IsuzW0u5KkkacMqk:C83pdGmlQe5Nwhj30Jf1NCKrac5k
Score10/10-
Detects HijackLoader (aka IDAT Loader)
-
HijackLoader
HijackLoader is a multistage loader first seen in 2023.
-
Stealc
Stealc is an infostealer written in C++.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Defense Evasion
Subvert Trust Controls
1Install Root Certificate
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2