General

  • Target

    JTHZFPDZ.zip

  • Size

    18.1MB

  • Sample

    250604-l5en2avqw2

  • MD5

    2274fe56244f3ba87c5af5ffa7db33e2

  • SHA1

    990d8f76084390a799f34d435793fee257ba714e

  • SHA256

    fdbaf6ed1bd6336a6e3dc5d09f2ed86337db57d548bab26d50f45cd5314d0ba6

  • SHA512

    3b4c026016d9d2683f7eb39f8b142d34bf9d792fa8e126682382b1ea91973da230a2527abadf468259ff0d3b39dcd92683c5c4233e37bd60aae7df75e19f284c

  • SSDEEP

    393216:6Up6f+RFagaOkco/WSuNAuv1YrNEaETykYmQ1p7pcTvaekNWBxqBqhxaYGSdSn:6UpBa79+JvyrN5ETtYmQ1pdYawLq0jaF
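An added example, not part of the sandbox report: a Python script that recomputes the MD5/SHA1/SHA256/SHA512 digests listed in this report over an extracted copy of the archive and classifies each file against them. The SHA256 values are transcribed from the report; SSDEEP is left out because it is a fuzzy hash that needs the external ssdeep library and is not an exact match. The directory layout passed on the command line is an assumption.

```python
import hashlib
import sys
from pathlib import Path

# SHA256 digests transcribed from the report, keyed to the file they describe.
REPORT_IOCS = {
    "fdbaf6ed1bd6336a6e3dc5d09f2ed86337db57d548bab26d50f45cd5314d0ba6": "JTHZFPDZ.zip",
    "9e9b340bba6d47fb15cde3b9d0568c6d296e3299eca0dfcd2bf000637b36fe13": "MSVCP140.dll",
    "e3e0cd84ff82900e34273bf9f5163533d67c8b977adad263a9e1f5ad30a1d4c9": "Qt5Core.dll",
    "4be72d127ac97fa332a9d14dee916e1a198dacd1fcce688ec81155dc72e4f3e2": "Qt5Gui.dll",
    "206fd7bb47d7556815074b3f0606055712e23fef8b4ff393c9e0d8ded8e9c140": "Qt5Widgets.dll",
    "350a5f5fb8d76e5088317966694b44aef6d3f3387dc572527f0f412891215e04": "SCompiler.exe",
    "b48dc53977477f13ca80e7aa002d23a127b53515c0a45fe82c2a87f35450d1d0": "VCRUNTIME140.dll",
    "83ef33d3a85993bafe0ca7298c717b54ab9724c4511ae43680d557c6a3d10e2f": "tier0.dll",
}

# The one component the sandbox attributed to HijackLoader/Aurotun; the
# remaining files are runtime DLLs that score 3/10 on their own.
FLAGGED = {"350a5f5fb8d76e5088317966694b44aef6d3f3387dc572527f0f412891215e04"}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return the four hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: Path, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so a large archive is not read whole."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def classify(sha256: str) -> str:
    """flagged: attributed to the malware; known: listed in the report; unknown: not listed."""
    if sha256 in FLAGGED:
        return "flagged"
    if sha256 in REPORT_IOCS:
        return "known"
    return "unknown"


def triage_directory(root: Path) -> list:
    """Hash every regular file under root and return (relative path, sha256, verdict) tuples."""
    results = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            d = digest_file(p)
            results.append((str(p.relative_to(root)), d["sha256"], classify(d["sha256"])))
    return results


if __name__ == "__main__":
    # Usage (assumed layout): python triage.py /path/to/extracted/JTHZFPDZ
    for rel, sha, verdict in triage_directory(Path(sys.argv[1])):
        print(f"{verdict:8} {sha} {rel}")
```

A file whose SHA256 is listed as "known" but whose MD5 or SHA1 differs from the report's value would indicate a transcription error in the IOC set rather than a different file, so compare all four digests when exporting these hashes to a blocklist.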

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\CtrlHost

  • inject_dll

    %windir%\SysWOW64\pla.dll

  • xor.hex

Targets

    • Target

      MSVCP140.dll

    • Size

      427KB

    • MD5

      3a207bdfaa989abab1cf5f7e86555b87

    • SHA1

      b5df7c111591c9cf719260fcf0769322927f23f8

    • SHA256

      9e9b340bba6d47fb15cde3b9d0568c6d296e3299eca0dfcd2bf000637b36fe13

    • SHA512

      9341b5083a9f1470a2f6834d0440b04346da7f4a1b050741c3acc32af730daa567ddcd15d699b7918b7a3a83b5bc45c5514872100d820d63deb8a9b17633e54f

    • SSDEEP

      12288:JgL0BGzePo6+J+4P0xYv7IQgOhUgiW6QR7t5s03Ooc8dHkC2eshoWKU:Y01Po6+J+dxYv7IQgt03Ooc8dHkC2ewJ

    • Score

      3/10

    • Target

      Qt5Core.dll

    • Size

      5.0MB

    • MD5

      3c444b7e23b1b808524f0019057b3e61

    • SHA1

      c005c36d93f6aad4e56f59ef842d56ca48439f3b

    • SHA256

      e3e0cd84ff82900e34273bf9f5163533d67c8b977adad263a9e1f5ad30a1d4c9

    • SHA512

      966dd675b92aa75d98f2c7aa972076a9fa42864257cd477fc344a206fbed69f86b45f151c3e4d13c6a5195698d49434c62e493ea9988c2b675c1c995901a199e

    • SSDEEP

      98304:EaNFdyBTk89nuXn8V+agfbjJGO4ThjjsiZzKf1B73M3M+nv/shYAOfU0BHgBooZ5:xNFdyBTznuXn8V+agjjJGO4ThjjsiZz0

    • Score

      3/10

    • Target

      Qt5Gui.dll

    • Size

      5.1MB

    • MD5

      00b2a30beece16c28bdf2b97b06acf1e

    • SHA1

      777497d062f2efeebadafca5d075dd80aa022074

    • SHA256

      4be72d127ac97fa332a9d14dee916e1a198dacd1fcce688ec81155dc72e4f3e2

    • SHA512

      d8e185b6cede653a0b45356f6e2a575c01068bb3f1d5d9d881c5a3e6796fa66815069ab83804407d9ae3035ce092b65a5d94111f4e3771edb5ba77ff8df2c937

    • SSDEEP

      49152:2z0hcZquPUhcDOW/wTifOXBEi4o7flfZSCKnuMDLjJVm/H+As+uthNJZtUJv+2S:Q03uPCcqSm9KbJCH+G6n72S

    • Score

      3/10

    • Target

      Qt5Widgets.dll

    • Size

      4.3MB

    • MD5

      71efc3a554ac91dc24e530e8d530bdff

    • SHA1

      3c7c11c822dccfee0654d73985260c0c9c5f7bdf

    • SHA256

      206fd7bb47d7556815074b3f0606055712e23fef8b4ff393c9e0d8ded8e9c140

    • SHA512

      7bf15347bceb050ed3e886820ab0bb1fe64d1d6e268a9a8b0834320bd737e94d8473eba026d5f9a91ae48ab3aae9cff1e68675fab11069c787b5250a88ec2b0d

    • SSDEEP

      49152:lW4ZDOLf5J1aoWdiyckOMVD4UbhwjbD5EMiOU4zVBBpRPlDkf:lW4W5TdyckFpfwnzVBplgf

    • Score

      3/10

    • Target

      SCompiler.exe

    • Size

      374KB

    • MD5

      e1fc955b7309ad1ddce0b4a6564a7a44

    • SHA1

      53fb307e873a6be6ead4bf2e00a981ac973c0b8c

    • SHA256

      350a5f5fb8d76e5088317966694b44aef6d3f3387dc572527f0f412891215e04

    • SHA512

      11b712c5e72a88900349b346e0b8ddb046f17cb3ce53102e575a848d5e2841f3dc9430c46ff1900819746fd1bafa17ea97573871eafb22a71a45198ceec34a54

    • SSDEEP

      6144:/zdKOjVbIEfo5XbwrpOBEnq+cBuoJbcliTgxbXW:kyI3gpW

    • Aurotun

      Aurotun is a stealer written in C++.

    • Aurotun family

    • Detects Aurotun stealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Hijackloader family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext
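An added example, not part of the report: Python hunting logic keyed on the two values in the extracted HijackLoader config, the %APPDATA%\CtrlHost working directory and the %windir%\SysWOW64\pla.dll injection target. The event records below are constructed in the style of Sysmon file-create, process-create and image-load events, and the default expansions of %APPDATA% (\AppData\Roaming) and %windir% (C:\Windows) are assumptions. pla.dll is a legitimate Windows DLL, so its load is only flagged when the loading process lives outside the Windows directory.

```python
import re
from dataclasses import dataclass

# Patterns derived from the extracted config. %APPDATA% is assumed to expand to
# <profile>\AppData\Roaming and %windir% to C:\Windows (host-specific assumption).
CTRLHOST_DIR = re.compile(r"\\appdata\\roaming\\ctrlhost\\", re.IGNORECASE)
INJECT_DLL = re.compile(r"\\syswow64\\pla\.dll$", re.IGNORECASE)
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


@dataclass
class Event:
    kind: str     # "file_create", "process_create" or "image_load"
    image: str    # image of the process that performed the action
    target: str   # file written, child image launched, or DLL loaded
    pid: int      # pid of the acting process


def score_event(ev: Event) -> list:
    """Return the reasons (possibly none) an event matches the config-derived indicators."""
    reasons = []
    if ev.kind == "file_create" and CTRLHOST_DIR.search(ev.target):
        reasons.append("file written to configured loader directory")
    if ev.kind == "process_create" and CTRLHOST_DIR.search(ev.target):
        reasons.append("process launched from configured loader directory")
    if (ev.kind == "image_load" and INJECT_DLL.search(ev.target)
            and not SYSTEM_DIRS.match(ev.image)):
        reasons.append("configured injection DLL loaded by non-system process")
    return reasons


def hunt(events) -> dict:
    """Group matching reasons by acting pid; pids with no matches are omitted."""
    hits = {}
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.setdefault(ev.pid, []).extend(reasons)
    return hits


# Constructed sample telemetry (not captured from the sandbox run).
SAMPLE_EVENTS = [
    # Benign: a 32-bit service host loading pla.dll from the system directory.
    Event("image_load", r"C:\Windows\SysWOW64\svchost.exe",
          r"C:\Windows\SysWOW64\pla.dll", 900),
    # The dropper staging a runtime DLL into the configured directory.
    Event("file_create", r"C:\Users\victim\Downloads\SCompiler.exe",
          r"C:\Users\victim\AppData\Roaming\CtrlHost\Qt5Core.dll", 1200),
    # The dropper relaunching itself from that directory.
    Event("process_create", r"C:\Users\victim\Downloads\SCompiler.exe",
          r"C:\Users\victim\AppData\Roaming\CtrlHost\SCompiler.exe", 1200),
    # The relaunched copy loading the configured injection target.
    Event("image_load", r"C:\Users\victim\AppData\Roaming\CtrlHost\SCompiler.exe",
          r"C:\Windows\SysWOW64\pla.dll", 1300),
    # Ordinary DLL load by the same process; not an indicator on its own.
    Event("image_load", r"C:\Users\victim\AppData\Roaming\CtrlHost\SCompiler.exe",
          r"C:\Windows\SysWOW64\kernel32.dll", 1300),
]

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

The directory name is the higher-value indicator of the two: it is specific to this configuration, whereas pla.dll loads happen on every Windows host, which is why the DLL rule is scoped by the loading process's location rather than used alone.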

    • Target

      VCRUNTIME140.dll

    • Size

      75KB

    • MD5

      30f437cc4598570e7cc661f8131daf2e

    • SHA1

      1549c04d7babf58b71a243ce5e7ec308494ca818

    • SHA256

      b48dc53977477f13ca80e7aa002d23a127b53515c0a45fe82c2a87f35450d1d0

    • SHA512

      30f21fd5f884d47a46796024ceffb5ef426bbad4c81e1a5fcefe408db5af4739ddc76b18c3937b73000d288440ef886136ef96fc09611c924b20128272cb1539

    • SSDEEP

      1536:gpHuqvERNjBwySXtVaSvrgOFw9RxKMnRecbCv+87DLPx+:gpHZMRNjKySdLcOiHRecbCv+8zx+

    • Score

      3/10

    • Target

      tier0.dll

    • Size

      141KB

    • MD5

      bd89b6edbe141ec01268a50cf8e7daa9

    • SHA1

      382cc15f1e5dae0eef316a1683755d3a45591fc0

    • SHA256

      83ef33d3a85993bafe0ca7298c717b54ab9724c4511ae43680d557c6a3d10e2f

    • SHA512

      2c0002d74c65d5cd261ac2b1f154865fdbc9eda765b1105caa73fa12199ac0ffb15fefb478865fa1f05385811c90d468a12249ee8fd07a55f5aeb14d35a2ea22

    • SSDEEP

      3072:RhvV8BSyAbX5dIYAdfMtbzaSlqGae9tRuF9BcCewslxz:RhrpbJVAAzJRaOE9BcjN

    • Score

      3/10

MITRE ATT&CK Enterprise v16
