hijackloader | 1a2270547fa3f0c903a5eca3318b380be5e5318d748c29b57c1ba657ac66f590 | Triage

Submit
Reports

Overview

overview

Static

static

snss1.exe

windows7-x64

snss1.exe

windows10-2004-x64

Sharing

General

Target

snss1.zip
Size

1.6MB
Sample

240806-a4scysxfmh
MD5

0cc14b0fba96ba1f45223d3f5b682bdb
SHA1

2988280081aa9718c73e6e18a76f3739bbe2629c
SHA256

1a2270547fa3f0c903a5eca3318b380be5e5318d748c29b57c1ba657ac66f590
SHA512

97f302b211b973e0fef5fb81fe85ba4e55810741489b5980fede73547d373d5c7cb51ac8ffbb563285b90c3c94d16281c215611f1128673c7d9470a594cbac9b
SSDEEP

24576:RNFjzbVZsD10uwuj7LlQRjGQXuB6k0uBFzQlpZIsaDqCCbYlDdnUzPOwX:3Jg0AjmZ+okhz8CuWDazPOwX

Score

10^/10

hijackloader stealc wasp4 credential_access discovery loader spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

snss1.exe

Resource

win7-20240708-en

hijackloader stealc wasp4 credential_access discovery loader spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

snss1.exe

Resource

win10v2004-20240802-en

hijackloader stealc wasp4 credential_access discovery loader spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

stealc

Botnet

wasp4

C2

http://45.152.112.103

Attributes

url_path
/1cf3aa1810feeb67.php

Targets

- Target
  
  snss1.exe
- Size
  
  3.0MB
- MD5
  
  33b57a0801027e2850d708a8418fab81
- SHA1
  
  025970a55f120a20c90ca646fe48ac315482b16b
- SHA256
  
  2126e2d225b9b38190cba5627877bccabc5da5f57443731c8ee292eecec51091
- SHA512
  
  50a7c77f3e00715b5efb6c6501856849636f428baf1fd50ab48da507685d19f4bfd27350048501833d5a6e5a81e37bea2f4d584c4413ef40b46863057c49ce65
- SSDEEP
  
  49152:+UvC/MTQYNsWy7aKVN/vndlsKwxEO0YTUD6CsRBJgsoDDeQ:VjTQYNsWy3NndlsdEO0YwWRBSpDDeQ
Score

10^/10

hijackloader stealc wasp4 credential_access discovery loader spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hijackloaderstealcwasp4credential_accessdiscoveryloaderspywarestealer

behavioral2

hijackloaderstealcwasp4credential_accessdiscoveryloaderspywarestealer

© 2018-2024

Terms | Privacy