General

  • Target

    🛡 𝓘η𝓼𝓽@𝓵𝓵 ⋇ 𝓤𝓹𝓭𝓪𝓽𝓮𝓭 ⋇ 𝓢𝓮𝓽𝓾𝓹 ⋇ 𝓝e𝔀.7z

  • Size

    8.5MB

  • Sample

    250704-xpvabsxq12

  • MD5

    f3d9889cdff30caab9f330be5c02145c

  • SHA1

    b0bfc0f0c3ce8aacb3f581b5cb8fcbd76ab66bb5

  • SHA256

    c31199b03cbaf80d134e6ff0d6ae44e2ad4c4be42af7b56c5cc1692f505260c0

  • SHA512

    8ffd27b3b05920004bedbf1e5da308f1da98027d0286548594fa826bc305b7b3716d4673d30b669230bb02f623001969aea447335cf6932279013a8b864ba677

  • SSDEEP

    196608:U+4/o9yHy1JBPM1jy8gLHEj4dRBuu8ndtvg+bWtryJ7fmHh/swLQMn:Uh/o9z1JFYjg+4dG1ENNydWswLQI

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\shtl

  • inject_dll

    %windir%\SysWOW64\pla.dll

  • xor.hex

Targets

    • Target

      Setup.exe

    • Size

      66KB

    • MD5

      3f8f49d756681fba89f727737ff17c46

    • SHA1

      30e87f37701fd6d2280c2a8581dd4de5f8e9ffe1

    • SHA256

      4f8aaadbf10d38b5a6edee498a5061f8028b14548261f36f44ed56998f5a86c4

    • SHA512

      6395948fdc232174699a5063bc3ca196cdd8f501ebe85fc9fb12846e15f0c2e067706c5f5ce9b01ad3dd2813bfcef021dd7a306971a51bcc0da3934503d6093d

    • SSDEEP

      1536:xRyA50FhUXXL8QUU9hbJ3zPR+2Ni7BpSgv:xBqUnLTbNPR+2Nidp

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
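The hashes and the extracted config above are enough for a first-pass host or corpus check. The script below is an added example, not code from the sandbox or from this report: it copies the report's MD5/SHA1/SHA256 values into an IOC set, matches files against them, and tests whether the configured staging directory (%APPDATA%\shtl) exists. The sample inputs it is exercised with are constructed, and the directory check assumes %APPDATA% resolves the same way it would on the infected host.

```python
"""Added example, not part of the sandbox report: turn the report's hash IOCs
and extracted HijackLoader config into a simple triage check. The IOC values
below are copied from the report; any sample data used with it is constructed."""
import hashlib
import os
import re
from pathlib import Path

# Hash IOCs from the report: the 7z archive and the inner Setup.exe.
HASH_IOCS = {
    "md5": {
        "f3d9889cdff30caab9f330be5c02145c",   # archive
        "3f8f49d756681fba89f727737ff17c46",   # Setup.exe
    },
    "sha1": {
        "b0bfc0f0c3ce8aacb3f581b5cb8fcbd76ab66bb5",
        "30e87f37701fd6d2280c2a8581dd4de5f8e9ffe1",
    },
    "sha256": {
        "c31199b03cbaf80d134e6ff0d6ae44e2ad4c4be42af7b56c5cc1692f505260c0",
        "4f8aaadbf10d38b5a6edee498a5061f8028b14548261f36f44ed56998f5a86c4",
    },
}

# Extracted config values: staging directory and the DLL used for injection.
DROP_DIRECTORY = r"%APPDATA%\shtl"
INJECT_DLL = r"%windir%\SysWOW64\pla.dll"

ALGORITHMS = ("md5", "sha1", "sha256")


def hashes_of_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of an in-memory buffer, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hashes_of_file(path) -> dict:
    """Same as hashes_of_bytes but streamed, so large archives are not read whole."""
    digests = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {alg: digest.hexdigest() for alg, digest in digests.items()}


def match_iocs(hashes: dict, iocs: dict = HASH_IOCS) -> list:
    """Return the algorithms whose digest for this file appears in the IOC set."""
    return [alg for alg, value in hashes.items() if value in iocs.get(alg, set())]


def scan_directory(root, iocs: dict = HASH_IOCS) -> dict:
    """Walk root and map each matching file path to the algorithms that hit."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = match_iocs(hashes_of_file(path), iocs)
            if matched:
                hits[str(path)] = matched
    return hits


def expand_windows_path(path: str, env: dict = None) -> str:
    """Expand %VAR% references as cmd.exe would; unknown variables are left as-is."""
    env = os.environ if env is None else env
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1), m.group(0)), path)


def drop_directory_present(env: dict = None) -> bool:
    """True if the configured staging directory exists on this host."""
    expanded = expand_windows_path(DROP_DIRECTORY, env).replace("\\", os.sep)
    return Path(expanded).is_dir()


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print("staging directory present:", drop_directory_present())
    for hit, algorithms in scan_directory(target).items():
        print(f"IOC hit ({', '.join(algorithms)}): {hit}")
```

A hit on the archive hashes means the original lure was retained; a hit on the Setup.exe hashes means it was extracted. An absent %APPDATA%\shtl directory only says the staging step has not run (or was cleaned up), not that the host is clean, so pair this with a look for pla.dll loaded into unexpected processes. Fuzzy matching on the SSDEEP values in the report is not covered here; it needs the ssdeep library rather than hashlib.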

MITRE ATT&CK Enterprise v16

Tasks