hijackloader | c85830fe306de069caee5218dc8c8741b718ee8d9dd1975c91ce67b053db578e | Triage

Sharing

General

Target

mediafile.zip
Size

2.0MB
Sample

240919-rychzstgmk
MD5

d239d73b574c49b0087c81d3a4a47c71
SHA1

b2af37882a29f745f3e3ec7f0caf528ae4f13360
SHA256

c85830fe306de069caee5218dc8c8741b718ee8d9dd1975c91ce67b053db578e
SHA512

2ccba109d5ef44318f36c0b2d9674b007541bf2ea469af56246a1ffc7a911d8a31bbfeabfb908505838aa8eb39a9b749d3ded7acd87fd75dc4a06ff4050f0cc5
SSDEEP

49152:Cq7BCsx/Auf+HVjVGCTJu2BZaytCa4SuxpOJv:Cq9Fh8V3Ju2BfuOh

Score

10^/10

hijackloader stealc meowsterioland13 credential_access discovery loader spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

meowsterioland13

C2

http://194.36.170.210

Attributes

url_path
/26b01a4cb07d7322.php

Targets

- Target
  
  mediafile.exe
- Size
  
  3.7MB
- MD5
  
  be895bd5ac158111518ec50d41fcb871
- SHA1
  
  25bf30d6d13f93c762b6f341bc629c29d9722326
- SHA256
  
  1bcc15d694501be5846d278419ca76e86904fb83c0e2337a8fb18627a32204b4
- SHA512
  
  fc65be37f401b7f373a502e340a42fd07db22d16583de906067c73a04398b8d99ffdc8d427024168c34fca3da93c71273c9b3b46eab383f9e8ed809d59711716
- SSDEEP
  
  98304:wOCG4h7FiRe7WkAbJ0rCmIZDfNJBechU/dUq:3o7vWkwnmIZDfNJBegc
Score

10^/10

hijackloader stealc meowsterioland13 credential_access discovery loader spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hijackloaderstealcmeowsterioland13credential_accessdiscoveryloaderspywarestealer

behavioral2

hijackloaderstealcmeowsterioland13credential_accessdiscoveryloaderspywarestealer