hijackloader | 92a218b4b6cbd696cb07698a2da0fc8578ad1f966a88509e25db827fe85a2920 | Triage

Submit
Reports

Overview

overview

Static

static

updateload.exe

windows10-2004-x64

Sharing

General

Target

updateload.exe
Size

3.1MB
Sample

240805-gmmvgasekb
MD5

4c5dbf388f5de761e45f268186f8be27
SHA1

918b198ad13af4c52b4518ff22a2a032e86e3679
SHA256

92a218b4b6cbd696cb07698a2da0fc8578ad1f966a88509e25db827fe85a2920
SHA512

4f9331107ec172cd3caa767a2af3e9f18e85ccf71b725be4bfbb0e83dcaf40d8e10581531a709227a6135efae8531a9d55bc22b32c0a8eaafdd8adc4c736dc94
SSDEEP

49152:DUvC/MTQYNsWy9aRV0NmZfClF/sKkTUD6CsRBJgsoDDeA:IjTQYNsWy6FClFUKkwWRBSpDDeA

Score

10^/10

hijackloader stealc meowsterioland4 credential_access discovery loader spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

updateload.exe

Resource

win10v2004-20240802-en

hijackloader stealc meowsterioland4 credential_access discovery loader spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

meowsterioland4

C2

http://45.152.112.131

Attributes

url_path
/8ee66a3c8f19e4b5.php

Targets

- Target
  
  updateload.exe
- Size
  
  3.1MB
- MD5
  
  4c5dbf388f5de761e45f268186f8be27
- SHA1
  
  918b198ad13af4c52b4518ff22a2a032e86e3679
- SHA256
  
  92a218b4b6cbd696cb07698a2da0fc8578ad1f966a88509e25db827fe85a2920
- SHA512
  
  4f9331107ec172cd3caa767a2af3e9f18e85ccf71b725be4bfbb0e83dcaf40d8e10581531a709227a6135efae8531a9d55bc22b32c0a8eaafdd8adc4c736dc94
- SSDEEP
  
  49152:DUvC/MTQYNsWy9aRV0NmZfClF/sKkTUD6CsRBJgsoDDeA:IjTQYNsWy6FClFUKkwWRBSpDDeA
Score

10^/10

hijackloader stealc meowsterioland4 credential_access discovery loader spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hijackloaderstealcmeowsterioland4credential_accessdiscoveryloaderspywarestealer

© 2018-2024

Terms | Privacy