hijackloader | eed11e118470e6c53e146514029694e8cff135f02624782cfc48f9f1d2eb10ea | Triage

Submit
Reports

Overview

overview

Static

static

0x000c0000...63.exe

windows7-x64

0x000c0000...63.exe

windows10-2004-x64

Sharing

General

Target

updateload.exe_pw_infected.zip
Size

3.2MB
Sample

240804-shs2gasejb
MD5

dd018fa1b27702d4143334c521ebd271
SHA1

24e0c1cba534afa6acfc5bed65caa45b119b1993
SHA256

eed11e118470e6c53e146514029694e8cff135f02624782cfc48f9f1d2eb10ea
SHA512

18450c372704fa5c53e80187b5600519091d4f6ad7051a107b6bb53f56fb74c3407162a3c5ec6c3351efb75687335aedda1e4de1aa26eaeaa42991facd2093b3
SSDEEP

98304:WH1c3+BKVmvQpwmfXZQhYbMI+cPKyh9ZtswbddHga9:WH6+BKAQemfJQ2d+cPVfnbdFj9

Score

10^/10

hijackloader stealc meowsterioland3 credential_access discovery loader spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x000c0000000234ed-1063.exe

Resource

win7-20240708-en

hijackloader stealc meowsterioland3 credential_access discovery loader spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000c0000000234ed-1063.exe

Resource

win10v2004-20240802-en

hijackloader stealc meowsterioland3 credential_access discovery loader spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

meowsterioland3

C2

http://45.152.112.131

Attributes

url_path
/8ee66a3c8f19e4b5.php

Targets

- Target
  
  0x000c0000000234ed-1063
- Size
  
  7.1MB
- MD5
  
  f6c26e56c21e80ece28c34c1491cd173
- SHA1
  
  2cb59f35292b92d79c6a4c569c58b5871bd9bf94
- SHA256
  
  a88e34617a82ee8f03c33ded79042a0d8f4655daf4de40d819e74448f9c34fc1
- SHA512
  
  2228aa271ca678d7db627a39f8affcdc7266123ddd99da357b60a37d0b77a2a78509184a3cc302064a88ba225dee61ba43e4ae7e64546cc816845d92ad15b5b6
- SSDEEP
  
  98304:diMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJLzEw5blkyD9OQUYn:Yi68xQ+zLJOZwjgZbeB0Yn
Score

10^/10

hijackloader stealc meowsterioland3 credential_access discovery loader spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hijackloaderstealcmeowsterioland3credential_accessdiscoveryloaderspywarestealer

behavioral2

hijackloaderstealcmeowsterioland3credential_accessdiscoveryloaderspywarestealer

© 2018-2024

Terms | Privacy