General
  Target:  🛡 𝓘η𝓼𝓽@𝓵𝓵 ⋇ 𝓤𝓹𝓭𝓪𝓽𝓮𝓭 ⋇ 𝓢𝓮𝓽𝓾𝓹 ⋇ 𝓝e𝔀.7z
  Size:    8.5MB
  Sample:  250704-xpvabsxq12
  MD5:     f3d9889cdff30caab9f330be5c02145c
  SHA1:    b0bfc0f0c3ce8aacb3f581b5cb8fcbd76ab66bb5
  SHA256:  c31199b03cbaf80d134e6ff0d6ae44e2ad4c4be42af7b56c5cc1692f505260c0
  SHA512:  8ffd27b3b05920004bedbf1e5da308f1da98027d0286548594fa826bc305b7b3716d4673d30b669230bb02f623001969aea447335cf6932279013a8b864ba677
  SSDEEP:  196608:U+4/o9yHy1JBPM1jy8gLHEj4dRBuu8ndtvg+bWtryJ7fmHh/swLQMn:Uh/o9z1JFYjg+4dG1ENNydWswLQI
Behavioral task
  behavioral1
  Sample:   Setup.exe
  Resource: win10ltsc2021-20250610-es

Malware Config
  Extracted:  hijackloader
  directory:  %APPDATA%\shtl
  inject_dll: %windir%\SysWOW64\pla.dll
Targets
  Target:  Setup.exe
  Size:    66KB
  MD5:     3f8f49d756681fba89f727737ff17c46
  SHA1:    30e87f37701fd6d2280c2a8581dd4de5f8e9ffe1
  SHA256:  4f8aaadbf10d38b5a6edee498a5061f8028b14548261f36f44ed56998f5a86c4
  SHA512:  6395948fdc232174699a5063bc3ca196cdd8f501ebe85fc9fb12846e15f0c2e067706c5f5ce9b01ad3dd2813bfcef021dd7a306971a51bcc0da3934503d6093d
  SSDEEP:  1536:xRyA50FhUXXL8QUU9hbJ3zPR+2Ni7BpSgv:xBqUnLTbNPR+2Nidp

  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Suspicious use of SetThreadContext