General
-
Target
updateload.exe_pw_infected.zip
-
Size
3.2MB
-
Sample
240804-shs2gasejb
-
MD5
dd018fa1b27702d4143334c521ebd271
-
SHA1
24e0c1cba534afa6acfc5bed65caa45b119b1993
-
SHA256
eed11e118470e6c53e146514029694e8cff135f02624782cfc48f9f1d2eb10ea
-
SHA512
18450c372704fa5c53e80187b5600519091d4f6ad7051a107b6bb53f56fb74c3407162a3c5ec6c3351efb75687335aedda1e4de1aa26eaeaa42991facd2093b3
-
SSDEEP
98304:WH1c3+BKVmvQpwmfXZQhYbMI+cPKyh9ZtswbddHga9:WH6+BKAQemfJQ2d+cPVfnbdFj9
Behavioral task
behavioral1
Sample
0x000c0000000234ed-1063.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
0x000c0000000234ed-1063.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
stealc
meowsterioland3
http://45.152.112.131
-
url_path
/8ee66a3c8f19e4b5.php
Targets
-
-
Target
0x000c0000000234ed-1063
-
Size
7.1MB
-
MD5
f6c26e56c21e80ece28c34c1491cd173
-
SHA1
2cb59f35292b92d79c6a4c569c58b5871bd9bf94
-
SHA256
a88e34617a82ee8f03c33ded79042a0d8f4655daf4de40d819e74448f9c34fc1
-
SHA512
2228aa271ca678d7db627a39f8affcdc7266123ddd99da357b60a37d0b77a2a78509184a3cc302064a88ba225dee61ba43e4ae7e64546cc816845d92ad15b5b6
-
SSDEEP
98304:diMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJLzEw5blkyD9OQUYn:Yi68xQ+zLJOZwjgZbeB0Yn
-
Detects HijackLoader (aka IDAT Loader)
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-