General

  • Target

    123

  • Size

    8.2MB

  • Sample

    240923-zwkqkstflh

  • MD5

    f675e62581b09ecb840416233c8460bc

  • SHA1

    b7a42ed4a3f13d13905d910f02147d8bdc040b2b

  • SHA256

    b4fed30b7d5c533ae1a553607630badbdc10aeacb612ff996e919d014bc2313c

  • SHA512

    3bebe82737757c606356cab8877aa7ece5304f7eebbff1695bc4f20502e981d9ce4551ad3492f7c5580bd06d94cd63cd70a8706d24e73ae52e55e38f0f9b9a8a

  • SSDEEP

    196608:ZEI9eJx7jQ/b7NuD4VuRS79tcM6vJKjJQQcrgUEr0NFMx3BWhp6D:ZEI9eXQ/b7NuD4VuRS79tczvJJQcrPEL

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    benjiworld9

  • C2

    http://5.188.86.71

  • Attributes

    url_path: /05feb00efef399f8.php

Targets

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Stealc

      Stealc is an infostealer written in C++.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15