General
-
Target
05531c061f2250cd363d71eb5f2b21c8.bin
-
Size
4.8MB
-
Sample
230328-bc7h8saa3s
-
MD5
05531c061f2250cd363d71eb5f2b21c8
-
SHA1
265b5b6b1ad8e84cd4d2091347a87cec026a739b
-
SHA256
284bc391a9ffe696724de6181170e4d6f1fdf4f97fbf8c0856e53454b0cd6b30
-
SHA512
638a91df300a6cf1b3c211f527134281fa6503f5b805b179c3c47a2ee6910e06251723726c9e0a7bc3b2e2e3e476e54ef94e70e1b8e27e824dfeb89e5f954936
-
SSDEEP
98304:919aRhRStjQUaFqaVudL1Ru8WpJZhlWSnBr39Zh:xasFQUaFqaVQy9lWErN
Malware Config
Targets
-
-
Target
Atzuim/Atzium.exe
-
Size
2.8MB
-
MD5
b7f3185d453b9a56b68c1e9e5b2bd7d2
-
SHA1
c8e582e9fc989d6e475e008fb15248feb212eb79
-
SHA256
9fd6b780c4a12ba677fa1cb50422335a94a9cd00e531d4b719469d754f0aa22f
-
SHA512
6c0f9a41ec7dc57eae368c4efc06abae3b18ec956b209f90cb86a7aa310b83c30789bba923a5a0aac41f4e758b85589e14ba22582f97f07c7892decbe2a1e459
-
SSDEEP
49152:0smhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:GqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Atzuim/KeraLua.dll
-
Size
28KB
-
MD5
2e93dd11e94937a806d7c24ef26103ab
-
SHA1
c0358f2a6d3162558940b7414bc192e25c921eed
-
SHA256
776bb33406229021a3b42de1c90d51f4da78b859d9bc669073d711bc0b22c44f
-
SHA512
d991ffb837a594b2241f5f6dd6036c9d6789ded63ea4834cd33e8d2ebf4ec1fba9eacbef746348ca0ed9d7f5cc3a57f6e16c3eabaaca4c578723159542664a12
-
SSDEEP
768:YYSgrpvsqLVoE5ESCZH6HKuccnFMpBXzavfdMQ:LvskoE5pRsDatJ
Score1/10 -
-
-
Target
Atzuim/NLog.config
-
Size
517B
-
MD5
0d1a49fa8281f5d4984004b62d9ae457
-
SHA1
ed22becafdebddd201ddfe3133ce7b02c618b088
-
SHA256
b534a8d42001593ac6ed55c8dfbac725081a23ee303df06aad67b331bd012511
-
SHA512
7eccb33d4a3bac846b9caffdc013e864651b20c9c43ee85084f50acc2e9a9644da12d045df7cdf587c8c8b5b3c80be6924e2c4fb697c4e7bc955bb5c242655ed
Score1/10 -
-
-
Target
Atzuim/NLog.dll
-
Size
775KB
-
MD5
872ea2543f07900b10dc2c276cc66b44
-
SHA1
79c93649e8b4f3e587a229f91e0eb90683070c5a
-
SHA256
772eb511ee0b252fc438643de1ea3c0a94cdb6e98d1d1903db148e32bad7bd8c
-
SHA512
120ed83adf8074ba0bf982a717a3c8f25ce344bf8e492dce802210b37e322f8b2429d667debf0fc4d946a44366b3ea3c3ed626116824f21a7526f23fdf1b3043
-
SSDEEP
12288:WrDLBz77t7zbr9UlYi1gDuHR6JO2rhKCfH5UsQ:WrDLBz77t7zbr9UlHsJDh1fH5UsQ
Score1/10 -
-
-
Target
Atzuim/NLua.dll
-
Size
80KB
-
MD5
816723bfa93ef0955083ce99370e0902
-
SHA1
399cd0c76c31685f1042bd54558505056002c038
-
SHA256
4293cc3e9ebe0b8a9203d45e8e1da16fb5f52412f9d4162307ba3cbc44088e3e
-
SHA512
bc27ac3285737b55a0d5e9eec0bf32b3e3a7d6edf313946a2efdb550b717fd1df9e8122c16f22a20cf1642854ed862bb80cd34eb1c8b1b64f3bdfef77c0f11f6
-
SSDEEP
1536:wqanK8RWwsKnUSCLRYGmGMJaJbee6d+H+TeB6eZxEA:wqanKaWbKPMZ80JbeV7eMMEA
Score1/10 -
-
-
Target
Atzuim/Nett.dll
-
Size
165KB
-
MD5
c9f7095a1b3bfad54d3203cc807bebe5
-
SHA1
8f8f3dcffe041a29d91b2159ecf8033ade999b8b
-
SHA256
3ca8204f46040ac82181f1691c9d8ab17ff2e9d7fe3933678388bcfbda50755e
-
SHA512
fcd341d7f1c416cff73e90ee09db3bc19d551789336eb10d328579debf9246fe95ae2000b4bce9e7248112fc7e7744110ec87d4bdfaf0bccda042e27fe3d7ec6
-
SSDEEP
3072:HJLLgvrAzIJZBs14Vx4OgFBRT/lGKDh5ALep9eOKQ7OVC8x:HJLcczb14VETlGKviBdQ
Score1/10 -
-
-
Target
Atzuim/Newtonsoft.Json.dll
-
Size
492KB
-
MD5
5e02ddaf3b02e43e532fc6a52b04d14b
-
SHA1
67f0bd5cfa3824860626b6b3fff37dc89e305cec
-
SHA256
78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb
-
SHA512
38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c
-
SSDEEP
12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH
Score1/10 -
-
-
Target
Atzuim/QRCoder.dll
-
Size
105KB
-
MD5
ac1f61dedc4e2b6a09c71ee503033802
-
SHA1
b2febc07aee19b5304474c13e10b16671ed05420
-
SHA256
c49f9712b7644199f87835bc00a0ffc36905e0f59fe2426de47d593c42aa20cf
-
SHA512
d4cccabc43396398c94f281835593f1501221d7399146193fcf656f8444f2fcb712dff7da27d42cb515f8819c4fd364718bca1e50a6e4789b1c91d9d33ecae2b
-
SSDEEP
3072:n0ei1wh+Jw9Nn4pDU8jasseFryLbGOjIkE8jo3u:GwzAUO7FyLIk2
Score1/10 -
-
-
Target
Atzuim/SETUP.bat
-
Size
831B
-
MD5
83c8351e4d21e22133da8d57f68cc1bb
-
SHA1
97c941af38e891eaa3ffab5de21e1ae68807cdb6
-
SHA256
249197df5c597c262a3ea064b1940e7c9de594c912fe697689c38a3c6ae073c0
-
SHA512
3ec04729172b27998cfab86e27c6bc4a57d65d2f75cb0f8abccb86f036911e4e6cb29df03127b23cbc25dd9dff3d13713f341ae9ea407ca4b6b9e2c480fe3a66
Score5/10-
Drops file in System32 directory
-
-
-
Target
Atzuim/ScpDriverInterface.dll
-
Size
11KB
-
MD5
d52bdb78ffe2ba10cbb1bca7de0558f6
-
SHA1
bac6188b3469fc77abd9e53a85269db8f512ef27
-
SHA256
8b3e3bafc49ede6c240971b1cff6d14671533a721111d1cc43607070f30c3158
-
SHA512
fe61f7183cf2b6a75cd48b32264372ecc7f2d98f47c2f2b70e0ed79fe3781591d1c0a1babfdde844ec21ed28bdc28772e4a417e87c6fd1a8ccf605971c4c799b
-
SSDEEP
192:aVUgK0kM2sKcSG41jQiQrrY6TQK+lgpi3aKpP6bF6:a6gcM2sRSG4tb0vwgpi3aTbF6
Score1/10 -
-
-
Target
Atzuim/System.Drawing.Common.dll
-
Size
50KB
-
MD5
0d233ab9028cb32bcf7818baf00c1c37
-
SHA1
c4b726bc1ec51f8a9b22a575bc8e2a076d724baf
-
SHA256
5fab2cf57311d81f4d7df96ad13a53275ae54cffb69ec2e4ba7b7dc706a080a1
-
SHA512
e3db3cbf61e4a87b676c308faf054f23a52571402adc6d95577b8bed82d5d6cbac5284b7519ebee847bd1ca32924777ed038e2d40ee0daef981cb73a996a0ad4
-
SSDEEP
1536:DjXYMIE3O/mcMJhuJiykNeCYSprNDOBd+dBI:DjXYzE3O/mcMJgJiy5C/DOBoU
Score1/10 -
-
-
Target
Atzuim/UNINSTALL.bat
-
Size
820B
-
MD5
eefb9d45577c83575ab3c1ba7435bd94
-
SHA1
6d2b9e163b9717999ea8af4806fe6386015c1bfc
-
SHA256
ea4da9d38dca01b8372439178ada2656d46aff41e7316dd62dd554d9ea6cff65
-
SHA512
11407bd9d549ace1804286d96c27f4f771d252cb2b443081783e3f82b5e512b9b18d6d7dd2983f869bc5afae126d023d23b6994f45f54222e66936e8d50cd24f
Score1/10 -
-
-
Target
Atzuim/drivers/DIFxAPI/DIFxAPI_x64.dll
-
Size
506KB
-
MD5
1a2e5109c2bb5c68d499e17b83acb73a
-
SHA1
efa15cfa23606dfc355d11580b509e768a50ddbb
-
SHA256
e70bbcee0d01658ccd201ebe0f0e547b9daff01b7c593a0fdd0c64e5f45d6f11
-
SHA512
47317d24d02c4122fe175bcd7f5b3dd8823063e7ea63f83961e40f10872642d2d6f6e6abaf5fb7630cf0e9d8cec0d112889600b14ecb8698b81597f52d54815b
-
SSDEEP
6144:1uS8iJgEjHlmbGQGt20CZPbPBtqd0xYP2MJL:1u8JgfGQrIPfZ
Score1/10 -
-
-
Target
Atzuim/drivers/DIFxAPI/DIFxAPI_x86.dll
-
Size
315KB
-
MD5
cf73c3a03582408d422d4f7a01190d00
-
SHA1
4582875874d066e8975b8a04488422419137fce4
-
SHA256
dd12d00ca9c9b1013091e733eae021347ba52dcd69173a7e5e4fd80b45ee60f6
-
SHA512
c3d82121c0535fc819329b8c6e29078f7e71245528658093ed98dd72af8af1200eede951388d938e9b27c049a0874f5cf686a42aa880da34390a72bc1112c8aa
-
SSDEEP
6144:T3+rEo4fNwSQCT4YNjtMWDnYPWsjfVnnSSNbVQqbySUB:r+rEo4lWYNjJbYtdnpWhS6
Score1/10 -
-
-
Target
Atzuim/drivers/Driver/amd64/ScpVBus.sys
-
Size
38KB
-
MD5
0447065a6e10774efcecfdd0eb970a79
-
SHA1
c18c57e3d6d97a8aea6fb9389620804f491b491f
-
SHA256
384a9ac72e756f96d43ee4b144a466564476afd8778092c979116bb29a514433
-
SHA512
59069fe7492397a9cdf8065c75432b16a540894828ab175f874827ad82657f98bbd6645db6c9741a56956b71593082cac10d76fccc7095c62db263184996381c
-
SSDEEP
768:82z+6yz3JqnYCblcp6wOuBvC4cTPfZ2Vw2zeOBjEwXxyvJ3GB1b6GCFL2G:82ByY12kwOoER2lKSXCIB1PCF
Score1/10 -
-
-
Target
Atzuim/drivers/Driver/x86/ScpVBus.sys
-
Size
32KB
-
MD5
de2c2e6a9971e4cb6ff944867ae77042
-
SHA1
621f616b3b4af57d5fdc55b6bfc1a2badfa78af7
-
SHA256
f84fd1daaddac4eaa89427c4778f0216c4d99b97f02848713998ee5c186e21c0
-
SHA512
f7513cff94b8c40dbd93e04ed7b1b80bd9bbc023a265b163a465af6ca3bcf46f250bbec564b3e14ddfd106359c3b9617b046066b6a6b24fa8b9438d25b42280a
-
SSDEEP
384:d+wyk2eCK3PRiZ1bcvrlEeT0OEM8LI9s6kgTr7kiX5vFmXhBcfXaM8l1l3JhDPjH:d+upCJeT5EP76kgTn3VFMmva/h12G
Score1/10 -