General
-
Target
facturagm-27725407957355783426.zip
-
Size
49.2MB
-
Sample
241009-stsvvaxhjj
-
MD5
79e9ed02ff9d617c1732776ff596f47a
-
SHA1
9e3dd3c140198fc5ff080dec7d610f5bb04d2e4a
-
SHA256
48fa854012e6abef23589909ec3293efc3df0ab2b5ef4406ccaf7ee0b68464c6
-
SHA512
7b418b82b6f8b7fb165ee2ca3a014ce94bd229a10d11fc141be8dea47a728e04670cfa795757d0ea6bf127db13952c4e4b1bc4ec3f25f623a5f108734b76d241
-
SSDEEP
1572864:4ltjOLVis6A90iwyhwLmWaBOZF+QLr45/rby0:4ltjORX9VnqaBOj96/Xy0
Malware Config
Targets
-
-
Target
facturagm-27725407957355783426.zip
-
Size
49.2MB
-
MD5
79e9ed02ff9d617c1732776ff596f47a
-
SHA1
9e3dd3c140198fc5ff080dec7d610f5bb04d2e4a
-
SHA256
48fa854012e6abef23589909ec3293efc3df0ab2b5ef4406ccaf7ee0b68464c6
-
SHA512
7b418b82b6f8b7fb165ee2ca3a014ce94bd229a10d11fc141be8dea47a728e04670cfa795757d0ea6bf127db13952c4e4b1bc4ec3f25f623a5f108734b76d241
-
SSDEEP
1572864:4ltjOLVis6A90iwyhwLmWaBOZF+QLr45/rby0:4ltjORX9VnqaBOj96/Xy0
Score10/10-
Detects HijackLoader (aka IDAT Loader)
-
HijackLoader
HijackLoader is a multistage loader first seen in 2023.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1