General

  • Target

    2025-01-19_07de39f432abc01d7f0ace453c8f5f32_hijackloader_jeefo_luca-stealer_magniber

  • Size

    6.8MB

  • Sample

    250119-ql79fsypgw

  • MD5

    07de39f432abc01d7f0ace453c8f5f32

  • SHA1

    5d92e8169afed37b93cafae7f6547f7d13f34b8b

  • SHA256

    8761fbd5c112d08fbc5286705e01bd5734e50701072a65a2a71b9120f3c7912b

  • SHA512

    88433c077c6656b36f563c3f5365b9cc385cd6c1e05129442aa838a792ddbcaef4d7ed5dc9127bccbe0232e1784ae0f450fa745c057743095fc5a44526d483e2

  • SSDEEP

    98304:7bhh/YZhwrKUUOsfjQ5rWVNwyCsGq/5GABrgCQ20nLM8vPoDWAuwOP4n:7A3wrKUUnn9CKrgCQ66PKunP4n

Malware Config

Targets

    • Target

      2025-01-19_07de39f432abc01d7f0ace453c8f5f32_hijackloader_jeefo_luca-stealer_magniber

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks