General
Target: PLPOTNFD.zip
Size: 35.4MB
Sample: 250604-l5yf5svzay
MD5: d622ba59d72d6cbad4efc923a25e8a00
SHA1: cfb2ee969fefe289003016783adc67cad72b70a7
SHA256: 02fdfc31c15f4a4aa3b4bee97c968c364c0d98fbe523ae9e62d4b3dd38263ce0
SHA512: 6fae9a96fd4d13671d185fa05e0407abcc80d3a37cd7ffd00611a56cf0124cdae62f31008062f8c272a6a2acb3e7e6ce87b4bbb8d75dd3eacc36e0b998ba54f3
SSDEEP: 786432:6a1e1W++20IJo9hL8R3gODkNpTEqmZCdMpdiPcgxeaRCJsa:6akZ+iJoagODcpQ7ZjiVxeEa
Static task: static1
Behavioral task behavioral1: Package/BugSplat.dll (resource win10v2004-20250502-en)
Behavioral task behavioral2: Package/BugSplat.dll (resource win11-20250502-en)
Behavioral task behavioral3: Package/COMSupport.dll (resource win10v2004-20250502-en)
Behavioral task behavioral4: Package/COMSupport.dll (resource win11-20250502-en)
Behavioral task behavioral5: Package/DBGHelp.dll (resource win10v2004-20250502-en)
Behavioral task behavioral6: Package/DBGHelp.dll (resource win11-20250502-en)
Behavioral task behavioral7: Package/DVDSetting.dll (resource win10v2004-20250502-en)
Behavioral task behavioral8: Package/DVDSetting.dll (resource win11-20250502-en)
Behavioral task behavioral9: Package/ExceptionHandler.dll (resource win10v2004-20250502-en)
Behavioral task behavioral10: Package/ExceptionHandler.dll (resource win11-20250502-en)
Behavioral task behavioral11: Package/Joomlon.wsf (resource win10v2004-20250502-en)
Behavioral task behavioral12: Package/Joomlon.wsf (resource win11-20250502-en)
Behavioral task behavioral13: Package/NLEResource.dll (resource win10v2004-20250502-en)
Behavioral task behavioral14: Package/NLEResource.dll (resource win11-20250502-en)
Behavioral task behavioral15: Package/NLEService.dll (resource win10v2004-20250502-en)
Behavioral task behavioral16: Package/NLEService.dll (resource win11-20250502-en)
Behavioral task behavioral17: Package/NLETransitionMgr.dll (resource win10v2004-20250502-en)
Behavioral task behavioral18: Package/NLETransitionMgr.dll (resource win11-20250502-en)
Behavioral task behavioral19: Package/Sonic-Drive64.exe (resource win10v2004-20250502-en)
Behavioral task behavioral20: Package/Sonic-Drive64.exe (resource win11-20250502-en)
Behavioral task behavioral21: Package/WSUtilities.dll (resource win10v2004-20250502-en)
Behavioral task behavioral22: Package/WSUtilities.dll (resource win11-20250502-en)
Behavioral task behavioral23: Package/WS_ImageProc.dll (resource win10v2004-20250502-en)
Behavioral task behavioral24: Package/WS_ImageProc.dll (resource win11-20250502-en)
Behavioral task behavioral25: Package/WS_Log.dll (resource win10v2004-20250502-en)
Behavioral task behavioral26: Package/WS_Log.dll (resource win11-20250502-en)
Behavioral task behavioral27: Package/WsBurn.dll (resource win10v2004-20250502-en)
Behavioral task behavioral28: Package/WsBurn.dll (resource win11-20250502-en)
Malware Config
Extracted: hijackloader
  directory: %APPDATA%\PHupdate4
  inject_dll: %windir%\SysWOW64\pla.dll
Targets

Target: Package/BugSplat.dll
Size: 296KB
MD5: 27d48c6c48d5259a4e2ad7be369ce906
SHA1: 66ea6266024a66826a9dd57a1420b8ce6fd13b0c
SHA256: 4b33ee0e8a4153c0c8ccd945adb18d8f91b5b824746a15986bf6781f081f9968
SHA512: a037c86bb33b98d768c27d975bc27be348382e75f4bf96d736d2f3bbcc02b7da9dc922994502fad1eb8f80d4df791c2c0e826b55b68c20580a46b1a0fe2cb43f
SSDEEP: 6144:zKNX3re4rLmb8Gh8cGLdutlE7ZWeyFEq0DQtzYtRVljQ:zKN6emgGh6LdGwWJFE9ls
Score: 3/10

Target: Package/COMSupport.dll
Size: 59KB
MD5: 976ef4af05e92e4dbb612756e6798a37
SHA1: b6eeeab344272c6e9965820d35ca596703a311d6
SHA256: b1038928a6da2a1b5064a27187403563f3ab7e8d4ec034dfa8d5d3f6be231191
SHA512: dde2923cf55dbd7a9eecd4a114d475008123d433a003ea71da0c50e9ec557fe6dc270e26d97c9076546ba225a9388e303330e601ecaa11dda4e812809a9665db
SSDEEP: 768:8qr8sIYRM5ZJi9nCJELr6p0KkR7Dp4iUcj3QcYUyQaQIbPYTdRcmt3uo:8qvMi9T6fGmbcbjqmI8TdC03
Score: 3/10

Target: Package/DBGHelp.dll
Size: 968KB
MD5: 3094481f0cb0531b407d2388ecb4b85f
SHA1: b2ed7c1895e417e0620e1043a8d3fcc4598fc791
SHA256: c1275ddf04a0942b416c1a0b2d32003a4eda732c6f97c74181c236e35d12420f
SHA512: 34b78729403e16d5ac1032cbb85c5c68f61f2f35b6e57d6d5ea2bc372981e93a1425b46a2c2dd55ed2b2e0b8681f517103e30a86241aec037b1e1788c411252b
SSDEEP: 24576:cJ0P97FW0NnWpUBBgXRKQ7O7DVUY1V/IMHfyUO:c0PhFVNnWpUBB4i2o7O
Score: 3/10

Target: Package/DVDSetting.dll
Size: 41KB
MD5: 05c88530d48f20ec24dbc4df3470e57d
SHA1: 44cd6ee8ca8c0ffaf9313a0c24bb781dbc4f3849
SHA256: 718cfb5195d0e43e795627c781fb3f427856f1cf29f33eedbbc6059b6f214549
SHA512: e7654ee6a45ac5c150b9c1b98d530e2c9ca6e89a836408d1435826979b5e009bb6d630c9ab9b6ed124511449754c5ec67181d91c8f96c3e00c7f5179bf2a9675
SSDEEP: 768:/8qXvDbWzd3vbJEl6s1Tl4jxl01SGoMRuuwV:Eq6dfbJE1T2aSwRuuwV
Score: 3/10

Target: Package/ExceptionHandler.dll
Size: 128KB
MD5: 7c76e3100bd67c47f176a0edde3ef79a
SHA1: bff22f39f3ba61cddd695b8a27b5139c5675afba
SHA256: 6036be1c9a8819998ad10879dff6c04edc787d34a142a3e0841c0fca36fb9c6e
SHA512: a9508ef760f5bba22aec0f2784258a364b372ff163bebf4fc59cb4d48c7ac6e68a96b7fd64dddb522dfa4c34f7ad652d8779232dd0db7609fb4b60cc1f4c2bbf
SSDEEP: 1536:ReLbWzby5i5Zqyt4Q1H9JFXHSFUNNRcZZ36mCcTSkb0EYsKK93BFZ2nQ+iFD+b7:8v+iNPQ1H9JFCsIdjWK9RFZB+iFD+b7
Score: 3/10

Target: Package/Joomlon.wsf
Size: 56KB
MD5: 8e1fead144a9a35381458165a285de66
SHA1: aa0e88cba98d24ec0da9f7d8691e98f92f05f9f1
SHA256: d6ea3cd5da1d58ad155e2ab83af2c77b910886bd17c79e16b874bbdb31f3c801
SHA512: 2e815e730c28935b018fa74eac4cc251c3292bb5f7900c1e0a93419e68f9d4448c67d8f1eb4950bf8d660f5158a448f5f352fdb81168813fea75b6f6743bb1e0
SSDEEP: 1536:m2t2cndPVAPtXH9SGoXw7fB7tVbYXANjmI5vge:3jd9AFXwcfhSMSe
Score: 1/10

Target: Package/NLEResource.dll
Size: 167KB
MD5: b5b2c99fbe00ce2d3be66890a55640ae
SHA1: 5110e90d3ee55f05aee9a56ff510fc286d70ba88
SHA256: 7cd5072111581133c5e28b56bef060b3d3b0d8acca3396ef23c6c384eb292d25
SHA512: ea04c33f6d3a65b45ba88019d1121fb4d368a40b5cfc2afbd2fef4125edd29563ef0509fb70a398276f3c456e2d78115d7948261f93cd9709a5a353dfca7e6db
SSDEEP: 3072:EzCjWwbSlOnn1VASbBvdg573gF8z65t1X:Ea1V1ZqLVW
Score: 3/10

Target: Package/NLEService.dll
Size: 289KB
MD5: 77bffd6a7270bf001aaba999de8394f9
SHA1: 132a1823392596f9748667b67f4aaef709b335c1
SHA256: 15c4860f2e0530bc896f9b07f893b32b13cffe40c909293b6232bd5696a5f71a
SHA512: 358c82c57ccf73a20b3496ff8fe83959f49283536c8ca7a00f6211e8c67a36c3e6a7029f7a30fcd3de502e6007fd9eec654d922e29e9b15815af208e358d1aa4
SSDEEP: 6144:SN5kbdYKDBpH0gMEjN24gai3/svFlWAWKLrJ:nbqKDBHgaivsPNWMl
Score: 3/10

Target: Package/NLETransitionMgr.dll
Size: 124KB
MD5: b27ec2286daa245ceb0688df5b7f574d
SHA1: e2e301eb3dc569754d21d69be3f845de13a5345d
SHA256: 41050f6f6919a4516d481f7c9b5fe6074c447afc6e9cc28d180982eea50ae165
SHA512: e99ee79e5561d6c4dbfad88fa901d37c55fefd513fa88a1d833d107244a2172ee921e54bd83fd68f1d748d8922bd4f9412ecc703caf351e33b72c3b894bf51cd
SSDEEP: 1536:AE0joHqSwFPpx0MIANXJ38q+u4taao+CxNpyKAFqKIqp8XbtnXYVX5fUH8:AEI+qSwFtJ3Obt7++YRXYh5fUH8
Score: 3/10

Target: Package/Sonic-Drive64.exe
Size: 2.4MB
MD5: a4b240cce6e3da6e959f33bd82394034
SHA1: ab5d51c7bc80882d9e8f20b11b41a25e775078d6
SHA256: 44f009ca786bc541cda11c61bab7b272e96ce9e3d656c10bdac2e126f3a9cc35
SHA512: f8009e8e7e2735c200057626c4a3c8b4c9c469866b46f8d8e6f2ab8994d317bbbe6b32730b86cf775645851996a79ff2f8d5f12514f5e39bf874cc3851f60bec
SSDEEP: 24576:hNb6R19IsA8A95bWbiOSc29d8CX5bI7lCIoQIkbRFRHGvustXDF3VBCvxToyTGHS:D8AoW5p0J4DF3LcToyTGSN
Score: 10/10
Signatures:
  Aurotun family
  Detects Aurotun stealer
  Detects HijackLoader (aka IDAT Loader)
  Hijackloader family
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  Suspicious use of SetThreadContext

Target: Package/WSUtilities.dll
Size: 182KB
MD5: 54b87d3271a4fa9b1e1fea51c2ef9c14
SHA1: fd79e145376a6268827ed9693f276c6bb8bca326
SHA256: 30b9b877aa1112105069be6b4de794b7a7147a1d968e71fa63f2edc7397e126f
SHA512: 88bad2b2137f85e5faef07893bd400fcc4206cbf64655b223e63af743800f13eeb36cae55b5fb3edb907c6e2f623f27075acb10538ecf8bbd597e126a8977ebe
SSDEEP: 3072:o1xNna70jpS3wOGvWhLdT24Nz0PPDKv6i2DZ6BTNbcGpDhaupU:KbtS3PGvBqR2l6BTN9JBp
Score: 3/10

Target: Package/WS_ImageProc.dll
Size: 222KB
MD5: 23b3a972dc6e25581b6fa9e01bafc375
SHA1: 39b54451f58d16cc76f875c137d72c2fe93bb3af
SHA256: 58ef42507d9fc1e8a7b240ef5cddc9f600c3d9a61ee6a42a4045278bb332b86a
SHA512: d69e04a8f9ba25dc4bcb4ae9b53122243b8419b658314e92892624b1ee70b3cbb8662be3f0fa9181b1653ddd677c28677e1f8ea212bbb577f1d3ee641921106a
SSDEEP: 3072:f8Wacf55wj0XUcz4pEM4rsJLtOsAg0FuLBNEBNz6cQoopW+T7:f89cR5wjtcLbULtOsAO1io4o
Score: 3/10

Target: Package/WS_Log.dll
Size: 219KB
MD5: b016e772c86bd8faabf3ce0d301c4b9c
SHA1: 12e39e7a0160bb9bd5080b1a168d2e3a8b7f11a0
SHA256: af9067296587465c1c5a574750835f10801e8e12a08d3dbd91e66a5bed39c817
SHA512: 3552bc4c1339e81d71de227ffdf9f9b190073864cbc1982188f6e89e20b919358cccb466543fccc44c6457944a34c3fbe78f4b82d6e89f083afee37b99d12a10
SSDEEP: 3072:/FoYyQjQpTJV15fSb0pR/grZXEKKdeFazpvhqlMwsR+oTMa5nqps:Itp3ffSITSZUKKdeFchsnNIr
Score: 3/10

Target: Package/WsBurn.dll
Size: 2.4MB
MD5: c6328e8342538b7e2502b752e5cb1e28
SHA1: fdbb116ce30ea6a0a61fd0e36084dfb26e683b22
SHA256: 8fcae9719a3f831cb73ef50b587a6222ff73d6c1a6ae617636cb31c6e02d5e3a
SHA512: 3942aa6e7311bef329c049c109e6d9c27a439c3dafa87ec7020c43e878cfa87e741b22d65603bec8d3a0da978405eb64c3a744fd0ac0644680968f682d4aca3a
SSDEEP: 24576:abK9oW4egvcZwuRRWRjFj63KP0wCkjgLwG0osspaa:ab+YvcecRCj63KP0wCZaossEa
Score: 3/10