General

  • Target

    DGQRGFSN.zip

  • Size

    93.1MB

  • Sample

    250604-l5cjnsfp6y

  • MD5

    bd2ec35005acdd2ba702120fa2d0e854

  • SHA1

    992c3fdcf9b60c2fb8d6328ec50a9d3e667565ae

  • SHA256

    891d72fb2ca2334c93df5ceab0001b7d26202f36b0e23af250fceb8629629d41

  • SHA512

    ce40226ec2647c01ba2edc0def308fcb7c434e50bf7e9ae04226c694062530f6fe30811827e5ed867a1979de1aac472cf01000a8496c7f7db21ace9f282f8fa9

  • SSDEEP

    1572864:d3PaVaJLA+u+JxTndtwOJ5nX4LRMKF43I1Jrlmnq/LGfoBShyZ/C7fIVQxSYeuRz:1YWLP/JxJRILRMKFAYrz0oUhyZB2SYee

Malware Config

Targets

    • Target

      Package/Ato_Control38.exe

    • Size

      5.0MB

    • MD5

      54f78cffeeb539528818737505eb8a6f

    • SHA1

      999ae5f9dfc1b4fdfc59bcd4140ae6708ccd61e8

    • SHA256

      c0f46a2a7d2f054527f80edc235051031f3b55e78ecbfd9aeaa77e1ff8b9411c

    • SHA512

      5b706ba8ee6cb0f0b268860e0d7d60b23cff9ec4f7212938d3e12f0dda8a832c9405c91756160b4c96b558caf51c17fa0834b310d76629207bf01cf1ed13df98

    • SSDEEP

      49152:53V2jQ9yNGnW/7r/gFx8x9B/EzZKNtbbbM0Z:53V2MINeW3/gFx0cZKNtbbbMQ

    • Aurotun

      Aurotun is a stealer written in C++.

    • Aurotun family

    • Detects Aurotun stealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

    • Target

      Package/DiskInfo.dll

    • Size

      2.0MB

    • MD5

      624ea2b0697fe8ef58088090a1cf5442

    • SHA1

      da79e53077237de6326cd96c47bbbbbf988ede8d

    • SHA256

      ad8556c031a9917745fe92533a6e354b7f97996ab02e2d6cda3cc72e621f1947

    • SHA512

      bd17d5c3da2402fcdc312023b01b02324eaf11cb08f96cc87012ef2b36beaae6823138c19269dfaff58ad1d9ce9f1d4dc602ed8a1a35122fcc2e0f931c163bb7

    • SSDEEP

      49152:lHGxqvhi4QQt4SnBcEYBeXHxLkBEqCDia9uOCn:5hLQQtFnCEYBqHxLkBEqCDia9RA

    • Score

      3/10

    • Target

      Package/MSVCP140.dll

    • Size

      426KB

    • MD5

      8ff1898897f3f4391803c7253366a87b

    • SHA1

      9bdbeed8f75a892b6b630ef9e634667f4c620fa0

    • SHA256

      51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

    • SHA512

      cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

    • SSDEEP

      12288:/gO0BGzePo6+J+4P0xYv7IQgnhUgiW6QR7t5s03Ooc8dHkC2esKcWKe0:701Po6+J+dxYv7IQgk03Ooc8dHkC2ezc

    • Score

      3/10

    • Target

      Package/Up.dll

    • Size

      589KB

    • MD5

      14bf5d3b181d00eaa72e0fe4a3c4d138

    • SHA1

      53d6030fdf0077b1a4e4c362ed16b0a7ff9e8bf1

    • SHA256

      57972c5ce575ea09835212dba27791f33b8f07980bba69393d75b1cc20d58a6c

    • SHA512

      8f4a64054fb8495b6fdbfc83aa9183c89fbbf4bab2dda539c39dbff511dbeb1e432ad066a68f119ce940c67ef874e178b97d6de3d0263633add8d22226e9ad8b

    • SSDEEP

      12288:1qyzMOuCr45sYE6/jBiogAzJ72lVN6ElP17DO+FIN3MLSLqkvqg6c1ysDDZ+3y/G:YyQxDoAl2lfSe1adIPMI7OBW7D

    • Score

      5/10

    • Drops file in System32 directory

    • Target

      Package/VCRUNTIME140.dll

    • Size

      74KB

    • MD5

      1a84957b6e681fca057160cd04e26b27

    • SHA1

      8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

    • SHA256

      9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

    • SHA512

      5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

    • SSDEEP

      1536:zHHuqvERNjBwySXtVaSvrgOFw9RxKMn5ecbCKnIY7:zHHZMRNjKySdLcOiH5ecbCKnN

    • Score

      3/10

    • Target

      Package/WebView2Loader.dll

    • Size

      112KB

    • MD5

      8fb7d2fa445716d23433ee696d41387d

    • SHA1

      e9b64d19435fbcac962f2fc4de7853f4a5da2736

    • SHA256

      d6f70c734b09917e1ef9abc54a0edc84afea3f784e31c8ec75fb525b2821eee5

    • SHA512

      d9a572fd60697bf142255f59065cacda4b78bf4ffd242daf89041c2054b7fc980c3044678ee209ed93874aba0e59f55527bae934fe50d6e50cddf8319d44d0c6

    • SSDEEP

      3072:NswDUh9T2dO9O3ed9zJ11Xx3QKHwsT+2Et+AlLWD/I3qFW:Ns39T2dO4o91LEt7ht3sW

    • Score

      3/10

    • Target

      Package/libcrypto-1_1.dll

    • Size

      1.6MB

    • MD5

      9aeb2d782c07245e1f065ffdd63ba7e8

    • SHA1

      f5f5c342bad936ccc9848e594d9b77c85143d252

    • SHA256

      14c64e71a3f1edac861370abe291eeee4dbf5ea4a83315ca2fe07c40d4fdd84a

    • SHA512

      32b531782facd22ac19425c98cc9ecac7f98f72365fafb1bac5804fafbb597d959b846b5b99db845ca8bc2fdfdf2fc291dcce078da52dc110fb95ab4ecda2a3d

    • SSDEEP

      49152:vvt0EbtOBBL7gpUbmg7m1CPwDv3uFciouc:nt0EEBlgebmgK1CPwDv3uFcia

    • Score

      3/10

    • Target

      Package/mfc140u.dll

    • Size

      4.9MB

    • MD5

      e76b52d11db435d36453d26c8b446a8f

    • SHA1

      6e20c17ed973e38d4a3f26cfc020af05ff9a6eea

    • SHA256

      e422c9366a53536a35e307ef301f08661c28c29b7fcda1b454333c6a41c6bb21

    • SHA512

      486be0145d5e439d3d9f5191a4a49ea3685619796557cd7a361117c25a279ee7b94a9ff70c4d73adbe839a6ce508ab15692ddd8fd6eabc3dbef18b68d6b0c67f

    • SSDEEP

      98304:bJZczGW8ke6KllNHsyBqGeQVrrNW2XkGMWrGFLOAkGkzdnEVomFHKnPUUdMG:XczGRGKLBZ/YGkGMWKFLOyomFHKnPr1

    • Score

      3/10

MITRE ATT&CK Enterprise v16

Tasks