General

  • Target

    5c1febd710c36943efd0184ed5896500N.exe

  • Size

    5.8MB

  • Sample

    240816-nf7dvswbqj

  • MD5

    5c1febd710c36943efd0184ed5896500

  • SHA1

    543642a5deb9e6ae6fdd34becfd0a7604e4e5b71

  • SHA256

    7db476bac7c4fb519a57bf09e2da7b2919fcc915c38c198c2c2d19952527b3e0

  • SHA512

    bf16dd5dcbd633d97bfa4ce947a63e46ad71d228f8222efb72b5006d96874d0bfa9773cac11bce879aab5e34548c9b8e14a0615477d55b4f9b1ec6703665a6f6

  • SSDEEP

    98304:9k6fySOV4iCLKvGCbYfim50CrIG3JCa/ITE5kdVTGPYivZ:9k6qSOOiCOvGCs6x2rImkdeZ

Malware Config

Extracted

Family

stealc

Botnet

wasp8

C2

http://45.152.112.103

Attributes
  • url_path

    /1cf3aa1810feeb67.php
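The two network indicators above (C2 host and gate path) are enough to write a simple proxy-log check. The following is an added example, not part of the original report or the sandbox's own detection logic: it scans constructed web-proxy log lines (assumed format `<timestamp> <client_ip> <method> <url> <status>`) and flags a hit on the exact host and path, on the host alone, or on the gate path alone, since infostealer operators rotate C2 IPs far more often than they change the PHP gate name.

```python
"""Flag proxy/web-log lines that match the Stealc C2 indicators from this report.

Added example, not part of the original report. The log lines and log format
below are constructed; only the C2 host and gate path come from the extracted
config.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the extracted config above.
STEALC_C2_HOST = "45.152.112.103"
STEALC_GATE_PATH = "/1cf3aa1810feeb67.php"

# Assumed (constructed) log format: "<ts> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify(line):
    """Return None if the line is not a hit, otherwise a dict describing it.

    Confidence levels:
      "host+path"  exact C2 host and gate path (highest confidence)
      "host-only"  any request to the C2 host (IP is a known-bad IOC)
      "path-only"  gate path on another host (IP rotation; still alert)
    """
    m = LOG_LINE.match(line.strip())
    if not m:
        return None  # malformed line, not a hit
    parts = urlsplit(m.group("url"))
    host = parts.hostname or ""
    host_hit = host == STEALC_C2_HOST
    path_hit = parts.path == STEALC_GATE_PATH
    if not (host_hit or path_hit):
        return None
    if host_hit and path_hit:
        level = "host+path"
    elif host_hit:
        level = "host-only"
    else:
        level = "path-only"
    return {
        "ts": m.group("ts"),
        "client": m.group("client"),
        "method": m.group("method"),
        "host": host,
        "level": level,
    }


def scan(lines):
    """Run classify() over an iterable of log lines and return the hits in order."""
    return [hit for hit in (classify(line) for line in lines) if hit]


# Constructed sample log: one full match, one host-only contact, one gate path
# on a rotated IP, one benign request and one malformed line.
SAMPLE_LOG = [
    "2024-08-16T13:02:11Z 10.0.0.15 POST http://45.152.112.103/1cf3aa1810feeb67.php 200",
    "2024-08-16T13:02:13Z 10.0.0.15 GET http://45.152.112.103/ 404",
    "2024-08-16T13:05:40Z 10.0.0.22 POST http://203.0.113.9/1cf3aa1810feeb67.php 200",
    "2024-08-16T13:06:02Z 10.0.0.22 GET http://example.com/index.php 200",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['method']} {hit['host']} [{hit['level']}]")
```

Path-only hits deserve a second look rather than automatic blocking: the gate name is a hex string that another site could in principle use, but combined with a POST from a workstation it is a strong Stealc indicator.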

Targets

    • Target

      5c1febd710c36943efd0184ed5896500N.exe

    • Size

      5.8MB

    • MD5

      5c1febd710c36943efd0184ed5896500

    • SHA1

      543642a5deb9e6ae6fdd34becfd0a7604e4e5b71

    • SHA256

      7db476bac7c4fb519a57bf09e2da7b2919fcc915c38c198c2c2d19952527b3e0

    • SHA512

      bf16dd5dcbd633d97bfa4ce947a63e46ad71d228f8222efb72b5006d96874d0bfa9773cac11bce879aab5e34548c9b8e14a0615477d55b4f9b1ec6703665a6f6

    • SSDEEP

      98304:9k6fySOV4iCLKvGCbYfim50CrIG3JCa/ITE5kdVTGPYivZ:9k6qSOOiCOvGCs6x2rImkdeZ

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Stealc

      Stealc is an infostealer written in C++.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks