Extracted

• • Target

    Ravion.exe

  • Size

    49.7MB

  • MD5

    a88316d4c2e9a42e7b301bc295781793

  • SHA1

    aa0079be546b312a2dbe8b5a92666c9298474164

  • SHA256

    63e5a6fedf34169383b050dc321dd9e13ef9d37938ea737e45726059e852d7a0

  • SHA512

    4975426215db50165d76405843944087ce24630b89966f63f0190a0538ebea1ee4be996b29f00047b80ba767a8f6edd7e23e1e8f734e3de09b37c5d4c11011f0

  • SSDEEP

    1572864:Hnx/dfByIQZBIvqA2fmb+DXz7o1Yca05xesr:HxlfB+C2fmbCo1dz5UA

  Score

  10^/10

  discoveryhijackloaderstealcsneprivate5credential_accessexecutionloaderspywarestealer

  • Detects HijackLoader (aka IDAT Loader)

  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

    loaderhijackloader

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2