General
Target: 2024-11-17_91563396f82674c0b8a13a5bd4faa2cc_hijackloader_luca-stealer_magniber
Size: 6.8MB
Sample: 241117-swqhhasgqd
MD5: 91563396f82674c0b8a13a5bd4faa2cc
SHA1: becfde376e3053a2593640e8fbb743890077ed07
SHA256: c4e4b832dfab883152602b2ffef83f57281ebd8d08b3b8b12540f580fe0526d0
SHA512: 07ee5e4084c24885ce735e93c314700dfaad96bf1b65e63a36a9c14c9f91a14fb6d4e26a534627e6a0df9416ce6a80f0539af3e50d5606489638a36b6da95e09
SSDEEP: 98304:Mcv+QirHeUqMuUP0vjg9bJnAVxlVvq0waHsdRblAH4qPSAupG+udFJp0:HpirHeUqOYkJSqcHsdRbgPQpB83a
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-11-17_91563396f82674c0b8a13a5bd4faa2cc_hijackloader_luca-stealer_magniber.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: 2024-11-17_91563396f82674c0b8a13a5bd4faa2cc_hijackloader_luca-stealer_magniber.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2024-11-17_91563396f82674c0b8a13a5bd4faa2cc_hijackloader_luca-stealer_magniber
Size: 6.8MB
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)