hijackloader | f153131a0345003fb62ab55701fc0a353640d21b0bc0b52a55270785f9106365 | Triage

Sharing

General

Target

msi (2).msi
Size

36.3MB
Sample

250409-qe1k2a1l19
MD5

dcbf686b0fc80544638f8366a856f1ab
SHA1

5b0b9433bb363fa6a9857722cc26fbc81cf05705
SHA256

f153131a0345003fb62ab55701fc0a353640d21b0bc0b52a55270785f9106365
SHA512

c0e03b3a5ce2c2b86f3984f65bd2968e433c54025dec1b1cbabe0e186ecd4c068178828be8dfbfaedfdbf53c90d817221afa65724259091031b12ae37be7ca0c
SSDEEP

393216:kDVtSjY/hI/kmWsC3Jpn+JSOCat4v8a970ODg0fw4d7FubFtoRhdPRB48XP:MVhFJbaFOD44QxtondPZ

Score

10^/10

hijackloader discovery spyware stealer

Malware Config

Extracted

Family

hijackloader

Attributes

directory
%APPDATA%\UltraNotepad_alpha
inject_dll
%windir%\SysWOW64\pla.dll

xor.hex

Targets

- Target
  
  msi (2).msi
- Size
  
  36.3MB
- MD5
  
  dcbf686b0fc80544638f8366a856f1ab
- SHA1
  
  5b0b9433bb363fa6a9857722cc26fbc81cf05705
- SHA256
  
  f153131a0345003fb62ab55701fc0a353640d21b0bc0b52a55270785f9106365
- SHA512
  
  c0e03b3a5ce2c2b86f3984f65bd2968e433c54025dec1b1cbabe0e186ecd4c068178828be8dfbfaedfdbf53c90d817221afa65724259091031b12ae37be7ca0c
- SSDEEP
  
  393216:kDVtSjY/hI/kmWsC3Jpn+JSOCat4v8a970ODg0fw4d7FubFtoRhdPRB48XP:MVhFJbaFOD44QxtondPZ
Score

6^/10

discovery spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer