General
Target: UZIBSQUQ.zip
Size: 26.6MB
Sample: 250604-l5y3nsfp8z
MD5: 6be1acfaa6f67eb74483067c0f21391f
SHA1: 4c486bbe1cc3199eee3ae6ceb2fb075134c1c32b
SHA256: 6704a379f672ca353b19b1fe4856274821dc2f922e8049dccfcb1a7381266bc6
SHA512: 96285155cfc44e63e2f417d1fc749d64f69a20a4c941b2b68c8faaf4e4dc0c94dc963da0e8a2d21284722f1422f18a1f174fb43ef01f78fa35704c89af468202
SSDEEP: 393216:1oS8lM6h2gtNm2GRy8ftzvalYvu1eHiCsujNC2J6+YETDcDI+cx139Q9AXFSCF+:1oS6fh2g/GMEUlV1exNC2CPIZ9Q94+
Static task: static1
Behavioral task: behavioral1
  Sample: NaviEch64.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: Tools.dll
  Resource: win10v2004-20250502-en
Behavioral task: behavioral3
  Sample: sqlite3.dll
  Resource: win10v2004-20250502-en
Malware Config
Extracted: hijackloader
  directory: %APPDATA%\wizardProtect_v2
  inject_dll: %windir%\SysWOW64\pla.dll
Targets

Target: NaviEch64.exe
Size: 5.1MB
MD5: 0477c2f9171599ca5bc3307fdfba8d89
SHA1: 24eb3d47987c5cc97589c6f1685af5cb28001e16
SHA256: b4f2980e0ba4c1e1b303b443a2c45f4a9090c0d745809f84afb1879b70abf195
SHA512: 903aced62c9209c878d3fcb481ff10ca4f6fc2801dc45ac809fe123945c6ef6b1662d55c9939ba67736a4bcca1583d5c5e1f766c141699a86d33a5359e32651d
SSDEEP: 49152:9dTweV4wyDPCfMpbKccEVC3s9bha76kiYmdUBKGTEJwcsNUNcKthjF0OiQ1hlGCj:9dowyDUMNKcRbsmGTEJFhN1XKOih/
Score: 10/10
Signatures:
  - Aurotun family
  - Detects Aurotun stealer
  - Detects HijackLoader (aka IDAT Loader)
  - Hijackloader family
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext
Target: Tools.dll
Size: 1.2MB
MD5: 337992f8cc09205e978ff42cd00dddc8
SHA1: 59382e658b5e32918e6d52bf9f7726199887bfee
SHA256: efaa3b08777289bbcda0885a067fa2487ae82566d5e971633c28af8837160999
SHA512: 1848bf614b45a1080d5ea3c0177a963a96ce3b1ed94a5adad6c17a7503a6e667c777925b17245f8d0eff9129f4c67b591dc5d01c94058bf6a32aa6494398a8af
SSDEEP: 24576:PboIDeeQytIs9JSan1hr41aSkHhRyPtujlCpqr1Lf8cK:PDaf2tQQ9EcK
Score: 3/10
Target: sqlite3.dll
Size: 325KB
MD5: f9f07b9e08f555d3a54f7ed78f1726a6
SHA1: 6996b0ad878a0bc3f73ae5d6915cd648580800e9
SHA256: 427111ddc94b60794e5d9af1fbc52fbfdc90d054cbb88a70f7b689a50b508dec
SHA512: 2d5adb9c39e84b8b11324975ec1fe9ca49c148fb1ad0e952bc1ed994b98264574516610244c508632c737d3eb4f4b1649bdc16559735e44c352aa1c82a08e25a
SSDEEP: 6144:4VJHAE3BWzZEAVPrrWxyLqHeuI9I19qnSX7cH0sU/1dMWw3/o:+dAE3BOLPY5euIqqnC7cUVdW3/o
Score: 3/10