2025-01-27_602070ae5ec3d8265688aa4db1ead1df_hijackloader_luca-stealer_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2025-01-27_602070ae5ec3d8265688aa4db1ead1df_hijackloader_luca-stealer_magniber
Size

9.1MB
MD5

602070ae5ec3d8265688aa4db1ead1df
SHA1

27dcf05d65298fe28704e3151f23c1f7c76fc7f0
SHA256

885c02498104c9ed9ac3938ef4ce00a28dadb128ed44070feb90520106d83b40
SHA512

566c76cfb5b23fd23587512c082d7e828e81abd94363f9061ee112c8564c36ee6af6913d041c3f36e50e75fae08ad0b8bd4aa81a9a5000fe28e350cb5ac0758b
SSDEEP

98304:4Di4XBJS4RdkBFI/SmxEPGfk/uXW3P8wISp:4mQnUFIIgEP8wIa

Score

1^/10

Malware Config

Signatures

Files

2025-01-27_602070ae5ec3d8265688aa4db1ead1df_hijackloader_luca-stealer_magniber
.exe windows:5 windows x86 arch:x86

c07b4ca57199df0c9defc247850dc64d

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:17:b4:c6:10:0e:7f:d4:15:6c:5f:01
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/10/2024, 07:05

Not After

17/10/2026, 07:05

Subject

SERIALNUMBER=202431257D,CN=REMOTE UTILITIES PTE. LTD.,O=REMOTE UTILITIES PTE. LTD.,L=Singapore,ST=Singapore,C=SG,1.2.840.113549.1.9.1=#0c18696e666f4072656d6f74657574696c69746965732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025347,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:31:5d:41:fc:1f:55:9f:cf:34:35:2c:ae:05:d1:7c:a5:fe:a0:c1:3d:e9:d7:4e:ec:f4:ce:85:36:26:9b:d5
Signer

Actual PE Digest

b5:31:5d:41:fc:1f:55:9f:cf:34:35:2c:ae:05:d1:7c:a5:fe:a0:c1:3d:e9:d7:4e:ec:f4:ce:85:36:26:9b:d5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\repos\main\SSH2\Release\pdbs\stermc.pdb

Imports

ws2_32

htonl
WSACleanup
shutdown
closesocket
setsockopt
bind
listen
WSAEventSelect
ioctlsocket
WSAStringToAddressW
ntohs
accept
WSAEnumProtocolsW
WSCGetProviderPath
WSASocketW
connect
WSAEnumNetworkEvents
WSAGetOverlappedResult
WSARecv
WSASend
getsockname
htons
getservbyname
inet_addr
gethostbyname
getservbyport
gethostbyaddr
WSAGetLastError
inet_ntoa
WSASetLastError
ntohl
getpeername
WSAStartup

kernel32

GetConsoleOutputCP
GetACP
GetOEMCP
GetCPInfoExW
GetLocaleInfoW
GetFileType
GetFileSizeEx
WriteFile
IsDBCSLeadByteEx
ReadFile
TryEnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
CreateFileA
RtlCaptureStackBackTrace
FreeLibrary
GetCurrentProcess
VerSetConditionMask
GetSystemDirectoryW
LoadLibraryW
CompareStringW
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
GetConsoleTitleW
GetTempPathW
GetFullPathNameW
GetLongPathNameW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetComputerNameExW
GetEnvironmentVariableW
LocalAlloc
LocalSize
SystemTimeToFileTime
DeleteFileW
FlushFileBuffers
SetFilePointerEx
SetEndOfFile
FindClose
FoldStringW
GetSystemTimeAsFileTime
FileTimeToSystemTime
CreateDirectoryW
LoadLibraryExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleCP
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
SetFilePointer
OpenEventW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WaitNamedPipeW
SetHandleInformation
CreateNamedPipeW
ConnectNamedPipe
Sleep
MulDiv
CopyFileW
ProcessIdToSessionId
OutputDebugStringW
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
ReadConsoleInputA
ExitThread
FreeLibraryAndExitThread
HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetProcessHeap
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetStdHandle
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
FormatMessageW
lstrlenW
LocalFree
WaitForMultipleObjects
ReleaseMutex
InterlockedExchange
CreateThread
CreateMutexW
GetFileAttributesW
GetModuleFileNameW
GetModuleHandleExW
SwitchToThread
InterlockedCompareExchange
CreateProcessW
ResetEvent
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
DebugBreak
CancelIo
FillConsoleOutputCharacterW
WriteConsoleW
ReadConsoleW
ReadConsoleInputW
GetCurrentProcessId
SetConsoleScreenBufferSize
GetLargestConsoleWindowSize
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleWindowInfo
MoveFileExW
GetFileSize
WaitForMultipleObjectsEx
IsDebuggerPresent
SetConsoleTitleW
WriteConsoleOutputW
SetConsoleCursorPosition
DeleteCriticalSection
DecodePointer
ScrollConsoleScreenBufferW
RaiseException
CloseHandle
ReadConsoleOutputW
SetEvent
GetLastError
CreateEventW
CreateFileW
CreateConsoleScreenBuffer
InitializeCriticalSectionAndSpinCount
SetConsoleActiveScreenBuffer
GetCommandLineW
SetConsoleTextAttribute
SetLastError
GetConsoleScreenBufferInfo
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetOverlappedResult
GetLocalTime
SetConsoleCtrlHandler
ExpandEnvironmentStringsW

user32

GetProcessWindowStation
wsprintfA
MessageBoxA
CharLowerW
SendMessageW
GetKeyState
GetUserObjectInformationW
ReleaseDC
GetDC
FindWindowW
CharLowerBuffW
CallWindowProcW
RemovePropA
GetPropA
CharUpperW
DestroyIcon
MessageBoxW
GetSysColor

secur32

QuerySecurityPackageInfoA
VerifySignature
InitializeSecurityContextA
AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
InitializeSecurityContextW
MakeSignature
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
EnumerateSecurityPackagesA

userenv

GetUserProfileDirectoryW

gdi32

GetDeviceCaps
DeleteDC

advapi32

IsValidSid
CryptReleaseContext
CryptGenRandom
RegNotifyChangeKeyValue
GetTokenInformation
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetAclInformation
AddAccessAllowedAceEx
GetNamedSecurityInfoW
SetEntriesInAclW
LookupAccountSidW
InitializeSid
GetSidLengthRequired
CopySid
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetSidSubAuthority
OpenProcessToken
EqualSid
GetLengthSid
CryptAcquireContextA

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoTaskMemAlloc
CoTaskMemFree

iphlpapi

GetTcpTable

crypt32

CryptProtectData
CryptUnprotectData

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c07b4ca57199df0c9defc247850dc64d

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1b:17:b4:c6:10:0e:7f:d4:15:6c:5f:01Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b5:31:5d:41:fc:1f:55:9f:cf:34:35:2c:ae:05:d1:7c:a5:fe:a0:c1:3d:e9:d7:4e:ec:f4:ce:85:36:26:9b:d5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

secur32

userenv

gdi32

advapi32

shell32

ole32

iphlpapi

crypt32

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 121KB - Virtual size: 138KB

.tls Size: 512B - Virtual size: 153B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 656KB - Virtual size: 656KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1b:17:b4:c6:10:0e:7f:d4:15:6c:5f:01
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b5:31:5d:41:fc:1f:55:9f:cf:34:35:2c:ae:05:d1:7c:a5:fe:a0:c1:3d:e9:d7:4e:ec:f4:ce:85:36:26:9b:d5
Signer

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 121KB - Virtual size: 138KB

.tls
Size: 512B - Virtual size: 153B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 656KB - Virtual size: 656KB