Extracted

• • Target

    56078814b6ce3536d4a4040e5dc3840a.exe

  • Size

    3.7MB

  • MD5

    56078814b6ce3536d4a4040e5dc3840a

  • SHA1

    da7c81230f212e32dfc62de9114a4d0fb1c5930d

  • SHA256

    55747e5ff5b95088ace5e7b529bd1c0190acf8c23bd4c20f215c42b023238852

  • SHA512

    e00bce379212438e501e2f027aadddbf8a07fd1b9a18b8cc3b0f8e2323a0010ba0dffee584889d1bfbc13e662b86ffac5911b2c17163abb1531387c36ef56251

  • SSDEEP

    98304:A6+OyDN0KCiRrvf7aKpePMcDLEj2Jel4iUf:sOyrrvf7AE23ellm

  Score

  10^/10

  hijackloaderstealcxprivate28credential_accessdiscoveryloaderstealerspyware

  • Detects HijackLoader (aka IDAT Loader)

  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

    loaderhijackloader

  • Hijackloader family

    hijackloader

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Deletes itself

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2