General

  • Target

    Sēt-𝐔𝐏- !ŁAŤєST.7z

  • Size

    13.6MB

  • Sample

    250704-xn824adk8v

  • MD5

    416509d470761075fb21e2035e9607cd

  • SHA1

    b71d19852d2d6b105740adf8c67d7c315dec9136

  • SHA256

    a3d5e253b40cfdb39c025d9b08f036b54436d3637d1b87261a691ee5daf5f83f

  • SHA512

    e87d94ee605fa10a882742971a4874c46951b9bb6810040d9e1010f9d6ad2f56772847634471cef35d09ab428b9cacf9cf251261d841d6dcc4301a72e2ce54a9

  • SSDEEP

    393216:mbFquLF8RvKwDMWrmjUPnnueFZpY2hJ0a8fb8TmT:RoFgUxU2ypBIaziT

Malware Config

Extracted

Family

hijackloader

Attributes

  • directory

    %APPDATA%\shtl

  • inject_dll

    %windir%\SysWOW64\pla.dll

  • xor.hex

Targets

    • Target

      Setup.exe

    • Size

      5.0MB

    • MD5

      a6a3eb28af006be9d349760bce376184

    • SHA1

      359c88593c67793e3447d71e0b2c710fb707f21a

    • SHA256

      b2f713e1bba1fd2d520e5b41f7a9cdc974602117cc4405419576c833681fb844

    • SHA512

      f65d13f5f341e2717e7d5baab5c1899fc3c235a593ac30503a515f7b0005893b4b1eef9a1706b8cee04976bcf1d4854167a1714c5eae4131f2c62794c25c3d28

    • SSDEEP

      98304:UeA35Slo8NuutsQazvRFn5Aj9Ilb/QdUbRls+GsmfzTSdZbKRySZ:UL35Sy82FzLyj9Ilb/QujKfv+ZkySZ

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks