General

  • Target

    3b28e3d07c4dd156f221c72f4f2b53ea.exe

  • Size

    1006KB

  • Sample

    240803-gqwa1szekc

  • MD5

    3b28e3d07c4dd156f221c72f4f2b53ea

  • SHA1

    c9f2ecb67b7ef1910af459d44386882d9238d72f

  • SHA256

    f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424

  • SHA512

    2e363e989868342043553f80a346fa82fe01cb4988111a037172fa8e031ed82951b7beb49a28f53617ec307b204eafc75d0d1c16296f5b026d4c00a04a2df4db

  • SSDEEP

    24576:fxj1COA6fYrK4O7+FZTYPhFrjuDl+QlclC:x1COZfT4O4ZTYX6Plc

Malware Config

Extracted

Family

stealc

Botnet

doralands23

C2

http://188.130.207.115

Attributes
  • url_path

    /8b4c5bd1ddc1cb18.php

Targets

    • Target

      3b28e3d07c4dd156f221c72f4f2b53ea.exe

    • Size

      1006KB

    • MD5

      3b28e3d07c4dd156f221c72f4f2b53ea

    • SHA1

      c9f2ecb67b7ef1910af459d44386882d9238d72f

    • SHA256

      f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424

    • SHA512

      2e363e989868342043553f80a346fa82fe01cb4988111a037172fa8e031ed82951b7beb49a28f53617ec307b204eafc75d0d1c16296f5b026d4c00a04a2df4db

    • SSDEEP

      24576:fxj1COA6fYrK4O7+FZTYPhFrjuDl+QlclC:x1COZfT4O4ZTYX6Plc

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Stealc

      Stealc is an infostealer written in C++.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks