General

Target: DGQRGFSN.zip
Size: 93.1MB
Sample: 250604-l5cjnsfp6y
MD5: bd2ec35005acdd2ba702120fa2d0e854
SHA1: 992c3fdcf9b60c2fb8d6328ec50a9d3e667565ae
SHA256: 891d72fb2ca2334c93df5ceab0001b7d26202f36b0e23af250fceb8629629d41
SHA512: ce40226ec2647c01ba2edc0def308fcb7c434e50bf7e9ae04226c694062530f6fe30811827e5ed867a1979de1aac472cf01000a8496c7f7db21ace9f282f8fa9
SSDEEP: 1572864:d3PaVaJLA+u+JxTndtwOJ5nX4LRMKF43I1Jrlmnq/LGfoBShyZ/C7fIVQxSYeuRz:1YWLP/JxJRILRMKFAYrz0oUhyZB2SYee
Static task
static1

Behavioral tasks (all run with resource win10v2004-20250502-en)
behavioral1: Package/Ato_Control38.exe
behavioral2: Package/DiskInfo.dll
behavioral3: Package/MSVCP140.dll
behavioral4: Package/Up.dll
behavioral5: Package/VCRUNTIME140.dll
behavioral6: Package/WebView2Loader.dll
behavioral7: Package/libcrypto-1_1.dll
behavioral8: Package/mfc140u.dll
Malware Config

Targets

Target: Package/Ato_Control38.exe
Size: 5.0MB
MD5: 54f78cffeeb539528818737505eb8a6f
SHA1: 999ae5f9dfc1b4fdfc59bcd4140ae6708ccd61e8
SHA256: c0f46a2a7d2f054527f80edc235051031f3b55e78ecbfd9aeaa77e1ff8b9411c
SHA512: 5b706ba8ee6cb0f0b268860e0d7d60b23cff9ec4f7212938d3e12f0dda8a832c9405c91756160b4c96b558caf51c17fa0834b310d76629207bf01cf1ed13df98
SSDEEP: 49152:53V2jQ9yNGnW/7r/gFx8x9B/EzZKNtbbbM0Z:53V2MINeW3/gFx0cZKNtbbbMQ
Signatures:
- Aurotun family
- Detects Aurotun stealer
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
Target: Package/DiskInfo.dll
Size: 2.0MB
MD5: 624ea2b0697fe8ef58088090a1cf5442
SHA1: da79e53077237de6326cd96c47bbbbbf988ede8d
SHA256: ad8556c031a9917745fe92533a6e354b7f97996ab02e2d6cda3cc72e621f1947
SHA512: bd17d5c3da2402fcdc312023b01b02324eaf11cb08f96cc87012ef2b36beaae6823138c19269dfaff58ad1d9ce9f1d4dc602ed8a1a35122fcc2e0f931c163bb7
SSDEEP: 49152:lHGxqvhi4QQt4SnBcEYBeXHxLkBEqCDia9uOCn:5hLQQtFnCEYBqHxLkBEqCDia9RA
Score: 3/10
Target: Package/MSVCP140.dll
Size: 426KB
MD5: 8ff1898897f3f4391803c7253366a87b
SHA1: 9bdbeed8f75a892b6b630ef9e634667f4c620fa0
SHA256: 51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
SHA512: cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03
SSDEEP: 12288:/gO0BGzePo6+J+4P0xYv7IQgnhUgiW6QR7t5s03Ooc8dHkC2esKcWKe0:701Po6+J+dxYv7IQgk03Ooc8dHkC2ezc
Score: 3/10
Target: Package/Up.dll
Size: 589KB
MD5: 14bf5d3b181d00eaa72e0fe4a3c4d138
SHA1: 53d6030fdf0077b1a4e4c362ed16b0a7ff9e8bf1
SHA256: 57972c5ce575ea09835212dba27791f33b8f07980bba69393d75b1cc20d58a6c
SHA512: 8f4a64054fb8495b6fdbfc83aa9183c89fbbf4bab2dda539c39dbff511dbeb1e432ad066a68f119ce940c67ef874e178b97d6de3d0263633add8d22226e9ad8b
SSDEEP: 12288:1qyzMOuCr45sYE6/jBiogAzJ72lVN6ElP17DO+FIN3MLSLqkvqg6c1ysDDZ+3y/G:YyQxDoAl2lfSe1adIPMI7OBW7D
Score: 5/10
Signatures:
- Drops file in System32 directory
Target: Package/VCRUNTIME140.dll
Size: 74KB
MD5: 1a84957b6e681fca057160cd04e26b27
SHA1: 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe
SHA256: 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5
SHA512: 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa
SSDEEP: 1536:zHHuqvERNjBwySXtVaSvrgOFw9RxKMn5ecbCKnIY7:zHHZMRNjKySdLcOiH5ecbCKnN
Score: 3/10
Target: Package/WebView2Loader.dll
Size: 112KB
MD5: 8fb7d2fa445716d23433ee696d41387d
SHA1: e9b64d19435fbcac962f2fc4de7853f4a5da2736
SHA256: d6f70c734b09917e1ef9abc54a0edc84afea3f784e31c8ec75fb525b2821eee5
SHA512: d9a572fd60697bf142255f59065cacda4b78bf4ffd242daf89041c2054b7fc980c3044678ee209ed93874aba0e59f55527bae934fe50d6e50cddf8319d44d0c6
SSDEEP: 3072:NswDUh9T2dO9O3ed9zJ11Xx3QKHwsT+2Et+AlLWD/I3qFW:Ns39T2dO4o91LEt7ht3sW
Score: 3/10
Target: Package/libcrypto-1_1.dll
Size: 1.6MB
MD5: 9aeb2d782c07245e1f065ffdd63ba7e8
SHA1: f5f5c342bad936ccc9848e594d9b77c85143d252
SHA256: 14c64e71a3f1edac861370abe291eeee4dbf5ea4a83315ca2fe07c40d4fdd84a
SHA512: 32b531782facd22ac19425c98cc9ecac7f98f72365fafb1bac5804fafbb597d959b846b5b99db845ca8bc2fdfdf2fc291dcce078da52dc110fb95ab4ecda2a3d
SSDEEP: 49152:vvt0EbtOBBL7gpUbmg7m1CPwDv3uFciouc:nt0EEBlgebmgK1CPwDv3uFcia
Score: 3/10
Target: Package/mfc140u.dll
Size: 4.9MB
MD5: e76b52d11db435d36453d26c8b446a8f
SHA1: 6e20c17ed973e38d4a3f26cfc020af05ff9a6eea
SHA256: e422c9366a53536a35e307ef301f08661c28c29b7fcda1b454333c6a41c6bb21
SHA512: 486be0145d5e439d3d9f5191a4a49ea3685619796557cd7a361117c25a279ee7b94a9ff70c4d73adbe839a6ce508ab15692ddd8fd6eabc3dbef18b68d6b0c67f
SSDEEP: 98304:bJZczGW8ke6KllNHsyBqGeQVrrNW2XkGMWrGFLOAkGkzdnEVomFHKnPUUdMG:XczGRGKLBZ/YGkGMWKFLOyomFHKnPr1
Score: 3/10