General

  • Target

    TOTGZDTT.zip

  • Size

    92.9MB

  • Sample

    250604-l5drqsfp7s

  • MD5

    f03c30f6ecd71086bdcae7958f2751be

  • SHA1

    3a9f6fc6ffe0a93d7f54c93a90dcc34e64c0bc36

  • SHA256

    0eb055536e5f198f1c9b7113bc4e5693207a78002f6dc3a356b8820ca99cffae

  • SHA512

    1da5a62aa95e07bacfc4f9a2b1bb1d72ea4a48100c6811c8fe26bbc7a83cbc9eafbc7a863b1110e9bc7413d00e40da8081862accb821bb3dff4ca36230902acb

  • SSDEEP

    1572864:y3PaY2ffs+eHXWUsaYgAkMqD9Vdxg4GpjhoDqzxja1L8cu8cP2Nl8Re5NArXIfeI:w/w0qURHaqDLlGD0P1LTc+84evZ1w
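Before the archive is detonated or passed on, the copy in hand should be checked against the digests the report lists, both for the zip itself and for each member under Package/. The script below is an added example and not part of the report or of the sample: it streams a file through the same four digests the report shows (ssdeep is not in the standard library and is left out), walks an extraction directory, and compares what it finds against the SHA256 values copied from the report. It assumes the zip was unpacked next to itself, so that the zip and the Package/ directory share one root; any other layout just means adjusting the paths in the manifest.

```python
"""Verify a sample archive and its extracted members against the hashes a
sandbox report publishes, before the files are handled further.

Added example, not code from the report or the sample. The manifest copies
the SHA256 values from the report; the layout assumption is that
TOTGZDTT.zip and the Package/ directory sit under the same root.
"""
import hashlib
import os
from typing import Dict, List

ALGOS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20

# SHA256 values exactly as listed in the report (zip plus Package/ members).
REPORT_MANIFEST = {
    "TOTGZDTT.zip": "0eb055536e5f198f1c9b7113bc4e5693207a78002f6dc3a356b8820ca99cffae",
    "Package/Ato_Control38.exe": "c0f46a2a7d2f054527f80edc235051031f3b55e78ecbfd9aeaa77e1ff8b9411c",
    "Package/DiskInfo.dll": "ad8556c031a9917745fe92533a6e354b7f97996ab02e2d6cda3cc72e621f1947",
    "Package/MSVCP140.dll": "51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad",
    "Package/Up.dll": "57972c5ce575ea09835212dba27791f33b8f07980bba69393d75b1cc20d58a6c",
    "Package/VCRUNTIME140.dll": "9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5",
    "Package/WebView2Loader.dll": "d6f70c734b09917e1ef9abc54a0edc84afea3f784e31c8ec75fb525b2821eee5",
    "Package/libcrypto-1_1.dll": "14c64e71a3f1edac861370abe291eeee4dbf5ea4a83315ca2fe07c40d4fdd84a",
    "Package/mfc140u.dll": "e422c9366a53536a35e307ef301f08661c28c29b7fcda1b454333c6a41c6bb21",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: str) -> Dict[str, str]:
    """Stream a file through all four hash objects in a single disk pass."""
    hashes = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def hash_tree(root: str) -> Dict[str, str]:
    """Walk an extraction directory and return {relative posix path: sha256}."""
    observed: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            observed[rel] = digest_file(full)["sha256"]
    return observed


def check_manifest(observed: Dict[str, str], manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare observed {path: sha256} against the report's manifest.

    'ok' and 'mismatch' are paths present in both; 'missing' are report
    entries absent on disk; 'extra' are files on disk the report does not
    list, so a repacked or tampered archive does not pass silently.
    """
    result: Dict[str, List[str]] = {"ok": [], "mismatch": [], "missing": [], "extra": []}
    for path, expected in manifest.items():
        actual = observed.get(path)
        if actual is None:
            result["missing"].append(path)
        elif actual.lower() == expected.lower():
            result["ok"].append(path)
        else:
            result["mismatch"].append(path)
    result["extra"] = sorted(set(observed) - set(manifest))
    return result


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for category, paths in check_manifest(hash_tree(root), REPORT_MANIFEST).items():
        print(f"{category:9s} {len(paths):2d}  {paths}")
```

Run it with the extraction root as the only argument. Anything in 'mismatch' or 'extra' means the files on disk are not the ones this report describes, and the report's behavioural findings should not be assumed to apply to them.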

Targets

    • Target

      Package/Ato_Control38.exe

    • Size

      5.0MB

    • MD5

      54f78cffeeb539528818737505eb8a6f

    • SHA1

      999ae5f9dfc1b4fdfc59bcd4140ae6708ccd61e8

    • SHA256

      c0f46a2a7d2f054527f80edc235051031f3b55e78ecbfd9aeaa77e1ff8b9411c

    • SHA512

      5b706ba8ee6cb0f0b268860e0d7d60b23cff9ec4f7212938d3e12f0dda8a832c9405c91756160b4c96b558caf51c17fa0834b310d76629207bf01cf1ed13df98

    • SSDEEP

      49152:53V2jQ9yNGnW/7r/gFx8x9B/EzZKNtbbbM0Z:53V2MINeW3/gFx0cZKNtbbbMQ

    • Aurotun

      Aurotun is a stealer written in C++.

    • Aurotun family

    • Detects Aurotun stealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

    • Target

      Package/DiskInfo.dll

    • Size

      2.0MB

    • MD5

      624ea2b0697fe8ef58088090a1cf5442

    • SHA1

      da79e53077237de6326cd96c47bbbbbf988ede8d

    • SHA256

      ad8556c031a9917745fe92533a6e354b7f97996ab02e2d6cda3cc72e621f1947

    • SHA512

      bd17d5c3da2402fcdc312023b01b02324eaf11cb08f96cc87012ef2b36beaae6823138c19269dfaff58ad1d9ce9f1d4dc602ed8a1a35122fcc2e0f931c163bb7

    • SSDEEP

      49152:lHGxqvhi4QQt4SnBcEYBeXHxLkBEqCDia9uOCn:5hLQQtFnCEYBqHxLkBEqCDia9RA

    • Score

      3/10

    • Target

      Package/MSVCP140.dll

    • Size

      426KB

    • MD5

      8ff1898897f3f4391803c7253366a87b

    • SHA1

      9bdbeed8f75a892b6b630ef9e634667f4c620fa0

    • SHA256

      51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

    • SHA512

      cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

    • SSDEEP

      12288:/gO0BGzePo6+J+4P0xYv7IQgnhUgiW6QR7t5s03Ooc8dHkC2esKcWKe0:701Po6+J+dxYv7IQgk03Ooc8dHkC2ezc

    • Score

      3/10

    • Target

      Package/Up.dll

    • Size

      589KB

    • MD5

      14bf5d3b181d00eaa72e0fe4a3c4d138

    • SHA1

      53d6030fdf0077b1a4e4c362ed16b0a7ff9e8bf1

    • SHA256

      57972c5ce575ea09835212dba27791f33b8f07980bba69393d75b1cc20d58a6c

    • SHA512

      8f4a64054fb8495b6fdbfc83aa9183c89fbbf4bab2dda539c39dbff511dbeb1e432ad066a68f119ce940c67ef874e178b97d6de3d0263633add8d22226e9ad8b

    • SSDEEP

      12288:1qyzMOuCr45sYE6/jBiogAzJ72lVN6ElP17DO+FIN3MLSLqkvqg6c1ysDDZ+3y/G:YyQxDoAl2lfSe1adIPMI7OBW7D

    • Score

      5/10

    • Drops file in System32 directory

    • Target

      Package/VCRUNTIME140.dll

    • Size

      74KB

    • MD5

      1a84957b6e681fca057160cd04e26b27

    • SHA1

      8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

    • SHA256

      9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

    • SHA512

      5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

    • SSDEEP

      1536:zHHuqvERNjBwySXtVaSvrgOFw9RxKMn5ecbCKnIY7:zHHZMRNjKySdLcOiH5ecbCKnN

    • Score

      3/10

    • Target

      Package/WebView2Loader.dll

    • Size

      112KB

    • MD5

      8fb7d2fa445716d23433ee696d41387d

    • SHA1

      e9b64d19435fbcac962f2fc4de7853f4a5da2736

    • SHA256

      d6f70c734b09917e1ef9abc54a0edc84afea3f784e31c8ec75fb525b2821eee5

    • SHA512

      d9a572fd60697bf142255f59065cacda4b78bf4ffd242daf89041c2054b7fc980c3044678ee209ed93874aba0e59f55527bae934fe50d6e50cddf8319d44d0c6

    • SSDEEP

      3072:NswDUh9T2dO9O3ed9zJ11Xx3QKHwsT+2Et+AlLWD/I3qFW:Ns39T2dO4o91LEt7ht3sW

    • Score

      3/10

    • Target

      Package/libcrypto-1_1.dll

    • Size

      1.6MB

    • MD5

      9aeb2d782c07245e1f065ffdd63ba7e8

    • SHA1

      f5f5c342bad936ccc9848e594d9b77c85143d252

    • SHA256

      14c64e71a3f1edac861370abe291eeee4dbf5ea4a83315ca2fe07c40d4fdd84a

    • SHA512

      32b531782facd22ac19425c98cc9ecac7f98f72365fafb1bac5804fafbb597d959b846b5b99db845ca8bc2fdfdf2fc291dcce078da52dc110fb95ab4ecda2a3d

    • SSDEEP

      49152:vvt0EbtOBBL7gpUbmg7m1CPwDv3uFciouc:nt0EEBlgebmgK1CPwDv3uFcia

    • Score

      3/10

    • Target

      Package/mfc140u.dll

    • Size

      4.9MB

    • MD5

      e76b52d11db435d36453d26c8b446a8f

    • SHA1

      6e20c17ed973e38d4a3f26cfc020af05ff9a6eea

    • SHA256

      e422c9366a53536a35e307ef301f08661c28c29b7fcda1b454333c6a41c6bb21

    • SHA512

      486be0145d5e439d3d9f5191a4a49ea3685619796557cd7a361117c25a279ee7b94a9ff70c4d73adbe839a6ce508ab15692ddd8fd6eabc3dbef18b68d6b0c67f

    • SSDEEP

      98304:bJZczGW8ke6KllNHsyBqGeQVrrNW2XkGMWrGFLOAkGkzdnEVomFHKnPUUdMG:XczGRGKLBZ/YGkGMWKFLOyomFHKnPr1

    Score
    3/10
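Two of the behaviours flagged above translate directly into host telemetry: Ato_Control38.exe resolving a legitimate external-IP lookup service, and Up.dll writing a file into System32. The script below is an added example, not code from the report or the sample, showing how those two signatures can be re-checked against Sysmon-style events. The events are constructed here as plain dicts carrying a simplified subset of Sysmon fields (EventID 3 NetworkConnect, 11 FileCreate, 22 DnsQuery), the list of lookup services is an assumption (the report says only that a legitimate service was used, not which one), and the servicing-process allowlist is likewise a starting point to tune. The dropped filename and the rundll32.exe host for Up.dll are hypothetical: the report does not give either.

```python
"""Triage Sysmon-style events for two behaviours the report flags: a process
resolving a public external-IP lookup service, and a process dropping a file
into C:\\Windows\\System32.

Added example, not code from the report or the sample. Events are constructed
dicts with a simplified subset of Sysmon fields; IP_LOOKUP_HOSTS and
SERVICING_IMAGES are assumptions to be tuned against real telemetry.
"""
from collections import defaultdict
from typing import Dict, Iterable, List

# Assumption: widely used "what is my IP" endpoints. The report only states
# that a legitimate lookup service was contacted, not which one.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "icanhazip.com", "ifconfig.me",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com", "ident.me",
}

# Assumption: Windows servicing processes that legitimately write to System32.
# Allowlist by image name, never by directory: a DLL such as Up.dll loaded via
# rundll32.exe or regsvr32.exe shows up with a C:\Windows\System32 image path.
SERVICING_IMAGES = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe",
                    "dismhost.exe", "poqexec.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def is_ip_lookup_host(name: str) -> bool:
    """Match a listed host or any subdomain of it, case-insensitively,
    tolerating the trailing dot Sysmon may record in QueryName."""
    q = name.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def is_system32_drop(image: str, target: str) -> bool:
    """FileCreate under System32 by anything other than a servicing process."""
    base = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return target.lower().startswith(SYSTEM32) and base not in SERVICING_IMAGES


def triage(events: Iterable[dict]) -> Dict[str, dict]:
    """Correlate findings per ProcessGuid.

    Returns {ProcessGuid: {"image": str, "ip_lookup": [hosts],
    "system32_drops": [paths]}} for processes with at least one finding.
    """
    seen: Dict[str, dict] = defaultdict(
        lambda: {"image": "", "ip_lookup": [], "system32_drops": []})
    for ev in events:
        entry = seen[ev["ProcessGuid"]]
        image = ev.get("Image", "")
        if image:
            entry["image"] = image
        eid = ev["EventID"]
        if eid in (3, 22):
            host = ev.get("QueryName") if eid == 22 else ev.get("DestinationHostname")
            if host and is_ip_lookup_host(host):
                h = host.lower().rstrip(".")
                if h not in entry["ip_lookup"]:          # DNS + connect count once
                    entry["ip_lookup"].append(h)
        elif eid == 11:
            target = ev.get("TargetFilename", "")
            if is_system32_drop(image, target):
                entry["system32_drops"].append(target)
    return {g: e for g, e in seen.items() if e["ip_lookup"] or e["system32_drops"]}


# Constructed events, not captured telemetry. A mimics Ato_Control38.exe's IP
# lookup, D mimics Up.dll (hypothetically hosted by rundll32.exe) dropping a
# hypothetically named file into System32; B and C are benign noise.
ATO = "C:\\Users\\analyst\\Package\\Ato_Control38.exe"
SAMPLE_EVENTS: List[dict] = [
    {"EventID": 1, "ProcessGuid": "A", "Image": ATO},
    {"EventID": 22, "ProcessGuid": "A", "Image": ATO, "QueryName": "api.ipify.org."},
    {"EventID": 3, "ProcessGuid": "A", "Image": ATO,
     "DestinationHostname": "api.ipify.org", "DestinationPort": 443},
    {"EventID": 11, "ProcessGuid": "B", "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "TargetFilename": "C:\\Windows\\System32\\some_update.dll"},
    {"EventID": 22, "ProcessGuid": "C", "Image": "C:\\Program Files\\Browser\\browser.exe",
     "QueryName": "www.example.com"},
    {"EventID": 11, "ProcessGuid": "D", "Image": "C:\\Windows\\System32\\rundll32.exe",
     "TargetFilename": "C:\\Windows\\System32\\dropped.dll"},
]

if __name__ == "__main__":
    for guid, finding in triage(SAMPLE_EVENTS).items():
        print(guid, finding)
```

The point of correlating per ProcessGuid rather than emitting one alert per event is that neither behaviour is damning on its own: plenty of legitimate software asks a web service for its public address, and servicing does write to System32. Seeing both, or either one from an image under a user profile, is what turns the signatures above into something worth chasing.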

MITRE ATT&CK Enterprise v16