Extracted

• • Target

    updateload.bin.exe

  • Size

    7.1MB

  • MD5

    f6c26e56c21e80ece28c34c1491cd173

  • SHA1

    2cb59f35292b92d79c6a4c569c58b5871bd9bf94

  • SHA256

    a88e34617a82ee8f03c33ded79042a0d8f4655daf4de40d819e74448f9c34fc1

  • SHA512

    2228aa271ca678d7db627a39f8affcdc7266123ddd99da357b60a37d0b77a2a78509184a3cc302064a88ba225dee61ba43e4ae7e64546cc816845d92ad15b5b6

  • SSDEEP

    98304:diMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJLzEw5blkyD9OQUYn:Yi68xQ+zLJOZwjgZbeB0Yn

  Score

  10^/10

  hijackloaderstealcmeowsterioland3credential_accessdiscoveryloaderspywarestealer

  • Detects HijackLoader (aka IDAT Loader)

  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

    loaderhijackloader

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Downloads MZ/PE file

  • Deletes itself

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2