General

  • Target

    2024-11-16_c3968e6090d03e52679657e1715ea39a_hijackloader_luca-stealer_magniber_revil

  • Size

    21.2MB

  • Sample

    241116-bwst7axdlq

  • MD5

    c3968e6090d03e52679657e1715ea39a

  • SHA1

    2332b4bfd13b271c250a6b71f3c2a502e24d0b76

  • SHA256

    4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4

  • SHA512

    f4908cce3e77a19bcbdc54487e025868cbd2c470b796edbf4a28aebc56cb9212019496f32eb531787de2ca9e8af0aedab2fde3d7aecee9e6a3fe3f5e4ce7670a

  • SSDEEP

    393216:je7BF/tD2wWvD+MDbuWXQ+RKljvXWfY5Ri2r/5LucDlAgXouXHONQZ94ut4:i7vtD2wWvDNKWg+RKljRDz5LfD7mw4

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
