General

  • Target: 7cbc664156edc17ca319c3d14acc21e19ec3e0f7a5067e1485fbae1f21fe3b80
  • Size: 15.0MB
  • Sample: 250604-r453gszsgt
  • MD5: 22c180d6e86e7a43f794fc759f466815
  • SHA1: 887e70fc397b1dc425254613356325f2878a2b3a
  • SHA256: 7cbc664156edc17ca319c3d14acc21e19ec3e0f7a5067e1485fbae1f21fe3b80
  • SHA512: 6580e3fe8c249a64122d69265fa35288dfe32c52cddb1f8328a4e5baee5ba4cfbe4764bbbee1b4737dd2424920efdc3199356dd0919d9733c0cc76fb81bdebe9
  • SSDEEP: 393216:g8Z89dXqZzRkFLVxm8O19oPvg0UW+0xGOsZJhJEt:gHBSzRkFLVS10vJUvUcb4

Malware Config

Targets

    • Target: FileAssociation.dll
    • Size: 584KB
    • MD5: ea728eeea179f3ef8a80a03ae84378c9
    • SHA1: 1afd6e8aa977bf75a6c76f4fbd21c5ca2d765658
    • SHA256: 95d51ee9c58f789213cedac7e82c7ba064364d9e5c8ca76ad27a5e53537f9fdf
    • SHA512: 212058ffc067cda2143a2ccfe8ad22c2254334f6a83090237d8f55c9028e8209bb2b52bfea7ac8aaf29ebfdd3633ca0802ae5dfa5790ade9285a46065f77e593
    • SSDEEP: 12288:X5v6LSfcaS28r5qyLxzQhFEcTEyX2k8YStmejph0lhSMXleYjA9q+3K0:X5HcZ28DpiEcTEymk8YXeVh0lhSMXl9S

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Target: MSVCP140.dll
    • Size: 439KB
    • MD5: 4d157073a891d0832b9b05fb8aca73a8
    • SHA1: 551efcdd93ecafc6b54ebb6f8f38c505d42d61ca
    • SHA256: 718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263
    • SHA512: 141563450e4cdf44315270360414f339fc3c96ebdaa46e28a1f673237c30f5e94e6da271db67547499c14dc3bd10e39767c3b6a2a3c9cec0a64a11f0263e0c5d
    • SSDEEP: 12288:6rK6LQK2R9Y9huTJzNa/LNE4Qclv5wDAb0qhUgiW6QR7t5s03Ooc8dHkC2esjaoq:ANZ2R9Y9huTJzNcNE4Qclv5wDA0p03O4
    • Score: 3/10

    • Target: Qt5Core.dll
    • Size: 5.1MB
    • MD5: 1ff666d827e3358b6c9af1f9e2d5c40e
    • SHA1: c6df91d241d3bc23efd20971d723ed4b7e16cea3
    • SHA256: 80468f76013dd808fe6871a3eaf0c1c279e304711f1893e082397d9a95e64280
    • SHA512: 157dc2b81b81414850d784e84580b98a92c95586c6677cf097205d2940cfc704de1dc7dd5ab3e33e4e5824e64b070d74c136fc1f928d9be49fcc8196b5f76e45
    • SSDEEP: 98304:H3QkIHj14FdDzqJsv6tWKFdu9CjzHveRnZyxEdnu:HgdZJsv6tWKFdu9CjzHeS
    • Score: 3/10

    • Target: Qt5Network.dll
    • Size: 1.1MB
    • MD5: a00d38af148cc8a6481ef182f86b77ed
    • SHA1: 76b401ee60ca094d3da04524401e5d6eb80d3bb6
    • SHA256: ddc9894e36231d749265155ba02f2d70ec5e006cea34010750b220ce49ce391a
    • SHA512: 0bfc7d1ad67d8ba837a76f91876ab4cf452712017d0698bdc4e4c6496b084829bd03d93f76ab6a9bc0793b8ba1216fef9de927b849842ed362e135715ef5b9fd
    • SSDEEP: 24576:TNfY4/b8d22Gmou3ZjRkjZgUPiV69DrOMxpqDc0EGQVzKa+:7Ad22GrziVaSDckf
    • Score: 3/10

    • Target: ServicHyper21.exe
    • Size: 239KB
    • MD5: a0b05f899a022110debaf359f4c8e000
    • SHA1: e8ea8b05a99337bc82403ecfc8a5dbd507112ad7
    • SHA256: 79384ef76740962757d617bc056bf8a45b2ef8f1e1587632b36830e2fc6ab21a
    • SHA512: 113191932b1fd55acfb09a7fcb1ab30bdeaa2b9de04f9fdfa9a7f4a70805becea7a8e2dbb0d971abae85c93602f73a951609c6f0f10907eedb5c74702bf58185
    • SSDEEP: 3072:ppmxSLq48zrTM3AlCCngq004MWgMc46YSn2lDdiCbIcRQNPkydL051ELKrEmIC:pUxSLb8zrTM5qp/wJdMcRQGydQ5iefH

    • Aurotun

      Aurotun is a stealer written in C++.

    • Aurotun family

    • Detects Aurotun stealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

    • Target: VCRUNTIME140.dll
    • Size: 88KB
    • MD5: e4ed441f0f6afb0d8d55af87900ec48f
    • SHA1: ac5bd77fd06ed29bebceb65371387555658870d9
    • SHA256: 09d1e604e8cdd06176fcc3d3698861be20638a4391f9f2d9e23f868c1576ca94
    • SHA512: dec6d693aa2d6c043ef8ae35f7f613cf9366aeb8a5903e8e0c54644f799262229b91953c65d39f8535ce464c75bf34b3b23ddb50a9fc5f171d36d6bfa1e4d7dd
    • SSDEEP: 1536:obiyVUrqIQsn1xtg6RxkkBGCGHDWbWzaecbGaBLL9Qzv6mzm:yiyLyt/xcRjWazaecbGCWba
    • Score: 3/10

MITRE ATT&CK Enterprise v16

Tasks