General
-
Target
2025-01-19_07de39f432abc01d7f0ace453c8f5f32_hijackloader_jeefo_luca-stealer_magniber
-
Size
6.8MB
-
Sample
250119-ql79fsypgw
-
MD5
07de39f432abc01d7f0ace453c8f5f32
-
SHA1
5d92e8169afed37b93cafae7f6547f7d13f34b8b
-
SHA256
8761fbd5c112d08fbc5286705e01bd5734e50701072a65a2a71b9120f3c7912b
-
SHA512
88433c077c6656b36f563c3f5365b9cc385cd6c1e05129442aa838a792ddbcaef4d7ed5dc9127bccbe0232e1784ae0f450fa745c057743095fc5a44526d483e2
-
SSDEEP
98304:7bhh/YZhwrKUUOsfjQ5rWVNwyCsGq/5GABrgCQ20nLM8vPoDWAuwOP4n:7A3wrKUUnn9CKrgCQ66PKunP4n
Static task
static1
Behavioral task
behavioral1
Sample
2025-01-19_07de39f432abc01d7f0ace453c8f5f32_hijackloader_jeefo_luca-stealer_magniber.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2025-01-19_07de39f432abc01d7f0ace453c8f5f32_hijackloader_jeefo_luca-stealer_magniber.exe
Resource
win10v2004-20241007-en
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Privilege Escalation
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Defense Evasion
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)