General

Target: JTHZFPDZ.zip
Size: 18.1MB
Sample: 250604-l5en2avqw2
MD5: 2274fe56244f3ba87c5af5ffa7db33e2
SHA1: 990d8f76084390a799f34d435793fee257ba714e
SHA256: fdbaf6ed1bd6336a6e3dc5d09f2ed86337db57d548bab26d50f45cd5314d0ba6
SHA512: 3b4c026016d9d2683f7eb39f8b142d34bf9d792fa8e126682382b1ea91973da230a2527abadf468259ff0d3b39dcd92683c5c4233e37bd60aae7df75e19f284c
SSDEEP: 393216:6Up6f+RFagaOkco/WSuNAuv1YrNEaETykYmQ1p7pcTvaekNWBxqBqhxaYGSdSn:6UpBa79+JvyrN5ETtYmQ1pdYawLq0jaF
Tasks

Static task: static1
Behavioral task behavioral1: sample MSVCP140.dll, resource win10v2004-20250502-en
Behavioral task behavioral2: sample MSVCP140.dll, resource win11-20250502-en
Behavioral task behavioral3: sample Qt5Core.dll, resource win10v2004-20250502-en
Behavioral task behavioral4: sample Qt5Core.dll, resource win11-20250502-en
Behavioral task behavioral5: sample Qt5Gui.dll, resource win10v2004-20250502-en
Behavioral task behavioral6: sample Qt5Gui.dll, resource win11-20250502-en
Behavioral task behavioral7: sample Qt5Widgets.dll, resource win10v2004-20250502-en
Behavioral task behavioral8: sample Qt5Widgets.dll, resource win11-20250502-en
Behavioral task behavioral9: sample SCompiler.exe, resource win10v2004-20250502-en
Behavioral task behavioral10: sample SCompiler.exe, resource win11-20250502-en
Behavioral task behavioral11: sample VCRUNTIME140.dll, resource win10v2004-20250502-en
Behavioral task behavioral12: sample VCRUNTIME140.dll, resource win11-20250502-en
Behavioral task behavioral13: sample tier0.dll, resource win10v2004-20250502-en
Behavioral task behavioral14: sample tier0.dll, resource win11-20250502-en
Malware Config

Extracted family: hijackloader
- directory: %APPDATA%\CtrlHost
- inject_dll: %windir%\SysWOW64\pla.dll
Targets

Target: MSVCP140.dll
Size: 427KB
MD5: 3a207bdfaa989abab1cf5f7e86555b87
SHA1: b5df7c111591c9cf719260fcf0769322927f23f8
SHA256: 9e9b340bba6d47fb15cde3b9d0568c6d296e3299eca0dfcd2bf000637b36fe13
SHA512: 9341b5083a9f1470a2f6834d0440b04346da7f4a1b050741c3acc32af730daa567ddcd15d699b7918b7a3a83b5bc45c5514872100d820d63deb8a9b17633e54f
SSDEEP: 12288:JgL0BGzePo6+J+4P0xYv7IQgOhUgiW6QR7t5s03Ooc8dHkC2eshoWKU:Y01Po6+J+dxYv7IQgt03Ooc8dHkC2ewJ
Score: 3/10
Target: Qt5Core.dll
Size: 5.0MB
MD5: 3c444b7e23b1b808524f0019057b3e61
SHA1: c005c36d93f6aad4e56f59ef842d56ca48439f3b
SHA256: e3e0cd84ff82900e34273bf9f5163533d67c8b977adad263a9e1f5ad30a1d4c9
SHA512: 966dd675b92aa75d98f2c7aa972076a9fa42864257cd477fc344a206fbed69f86b45f151c3e4d13c6a5195698d49434c62e493ea9988c2b675c1c995901a199e
SSDEEP: 98304:EaNFdyBTk89nuXn8V+agfbjJGO4ThjjsiZzKf1B73M3M+nv/shYAOfU0BHgBooZ5:xNFdyBTznuXn8V+agjjJGO4ThjjsiZz0
Score: 3/10
Target: Qt5Gui.dll
Size: 5.1MB
MD5: 00b2a30beece16c28bdf2b97b06acf1e
SHA1: 777497d062f2efeebadafca5d075dd80aa022074
SHA256: 4be72d127ac97fa332a9d14dee916e1a198dacd1fcce688ec81155dc72e4f3e2
SHA512: d8e185b6cede653a0b45356f6e2a575c01068bb3f1d5d9d881c5a3e6796fa66815069ab83804407d9ae3035ce092b65a5d94111f4e3771edb5ba77ff8df2c937
SSDEEP: 49152:2z0hcZquPUhcDOW/wTifOXBEi4o7flfZSCKnuMDLjJVm/H+As+uthNJZtUJv+2S:Q03uPCcqSm9KbJCH+G6n72S
Score: 3/10
Target: Qt5Widgets.dll
Size: 4.3MB
MD5: 71efc3a554ac91dc24e530e8d530bdff
SHA1: 3c7c11c822dccfee0654d73985260c0c9c5f7bdf
SHA256: 206fd7bb47d7556815074b3f0606055712e23fef8b4ff393c9e0d8ded8e9c140
SHA512: 7bf15347bceb050ed3e886820ab0bb1fe64d1d6e268a9a8b0834320bd737e94d8473eba026d5f9a91ae48ab3aae9cff1e68675fab11069c787b5250a88ec2b0d
SSDEEP: 49152:lW4ZDOLf5J1aoWdiyckOMVD4UbhwjbD5EMiOU4zVBBpRPlDkf:lW4W5TdyckFpfwnzVBplgf
Score: 3/10
Target: SCompiler.exe
Size: 374KB
MD5: e1fc955b7309ad1ddce0b4a6564a7a44
SHA1: 53fb307e873a6be6ead4bf2e00a981ac973c0b8c
SHA256: 350a5f5fb8d76e5088317966694b44aef6d3f3387dc572527f0f412891215e04
SHA512: 11b712c5e72a88900349b346e0b8ddb046f17cb3ce53102e575a848d5e2841f3dc9430c46ff1900819746fd1bafa17ea97573871eafb22a71a45198ceec34a54
SSDEEP: 6144:/zdKOjVbIEfo5XbwrpOBEnq+cBuoJbcliTgxbXW:kyI3gpW
Score: 10/10

Signatures:
- Aurotun family
- Detects Aurotun stealer
- Detects HijackLoader (aka IDAT Loader)
- Hijackloader family
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
Target: VCRUNTIME140.dll
Size: 75KB
MD5: 30f437cc4598570e7cc661f8131daf2e
SHA1: 1549c04d7babf58b71a243ce5e7ec308494ca818
SHA256: b48dc53977477f13ca80e7aa002d23a127b53515c0a45fe82c2a87f35450d1d0
SHA512: 30f21fd5f884d47a46796024ceffb5ef426bbad4c81e1a5fcefe408db5af4739ddc76b18c3937b73000d288440ef886136ef96fc09611c924b20128272cb1539
SSDEEP: 1536:gpHuqvERNjBwySXtVaSvrgOFw9RxKMnRecbCv+87DLPx+:gpHZMRNjKySdLcOiHRecbCv+8zx+
Score: 3/10
Target: tier0.dll
Size: 141KB
MD5: bd89b6edbe141ec01268a50cf8e7daa9
SHA1: 382cc15f1e5dae0eef316a1683755d3a45591fc0
SHA256: 83ef33d3a85993bafe0ca7298c717b54ab9724c4511ae43680d557c6a3d10e2f
SHA512: 2c0002d74c65d5cd261ac2b1f154865fdbc9eda765b1105caa73fa12199ac0ffb15fefb478865fa1f05385811c90d468a12249ee8fd07a55f5aeb14d35a2ea22
SSDEEP: 3072:RhvV8BSyAbX5dIYAdfMtbzaSlqGae9tRuF9BcCewslxz:RhrpbJVAAzJRaOE9BcjN
Score: 3/10