Extracted

• • Target

    Segwit_Setup.exe

  • Size

    47.7MB

  • MD5

    a22d71549d6b60c8c270503f585530ec

  • SHA1

    0cb40b824f878a46e7bd55498331f2b87ddd6b25

  • SHA256

    7c6543af2eea8ed933e0898bdbcfc642f0c11bece904b366ca939da9e76465eb

  • SHA512

    165feee79662d7e37ac9224e6063cea9c37925927aa71065bad9dfb4f44a281cd96fbe243591f1ea731106b5a3031e26f4afc1b164ce8abe9a0d8e4f8af7593a

  • SSDEEP

    786432:Iw9nwUuATGdMdG57ASI6ul9TnG2A3sVZqqOssBefetRKssh8BzyQUeaN5M7LZUi7:IAwUu+GdMd+E6ul9Tr0sVZ8x84tzyQUo

  Score

  10^/10

  hijackloaderstealcdoralands2credential_accessdiscoveryexecutionloaderspywarestealer

  • Detects HijackLoader (aka IDAT Loader)

  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

    loaderhijackloader

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Downloads MZ/PE file

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2