Overview
Overall score: 10/10

Scores per task (file, OS image, score)
Static analysis                           1/10
FileAssociation.dll   windows10-2004-x64  7/10
FileAssociation.dll   windows11-21h2-x64  7/10
MSVCP140.dll          windows10-2004-x64  3/10
MSVCP140.dll          windows11-21h2-x64  3/10
Qt5Core.dll           windows10-2004-x64  3/10
Qt5Core.dll           windows11-21h2-x64  3/10
Qt5Network.dll        windows10-2004-x64  3/10
Qt5Network.dll        windows11-21h2-x64  3/10
ServicHyper21.exe     windows10-2004-x64  10/10
ServicHyper21.exe     windows11-21h2-x64  10/10
VCRUNTIME140.dll      windows10-2004-x64  3/10
VCRUNTIME140.dll      windows11-21h2-x64  3/10

General
-
Target
7cbc664156edc17ca319c3d14acc21e19ec3e0f7a5067e1485fbae1f21fe3b80
-
Size
15.0MB
-
Sample
250604-r453gszsgt
-
MD5
22c180d6e86e7a43f794fc759f466815
-
SHA1
887e70fc397b1dc425254613356325f2878a2b3a
-
SHA256
7cbc664156edc17ca319c3d14acc21e19ec3e0f7a5067e1485fbae1f21fe3b80
-
SHA512
6580e3fe8c249a64122d69265fa35288dfe32c52cddb1f8328a4e5baee5ba4cfbe4764bbbee1b4737dd2424920efdc3199356dd0919d9733c0cc76fb81bdebe9
-
SSDEEP
393216:g8Z89dXqZzRkFLVxm8O19oPvg0UW+0xGOsZJhJEt:gHBSzRkFLVS10vJUvUcb4
Static task
static1

Behavioral tasks (task, sample, resource)
behavioral1    FileAssociation.dll   win10v2004-20250502-en
behavioral2    FileAssociation.dll   win11-20250502-en
behavioral3    MSVCP140.dll          win10v2004-20250502-en
behavioral4    MSVCP140.dll          win11-20250502-en
behavioral5    Qt5Core.dll           win10v2004-20250502-en
behavioral6    Qt5Core.dll           win11-20250502-en
behavioral7    Qt5Network.dll        win10v2004-20250502-en
behavioral8    Qt5Network.dll        win11-20250502-en
behavioral9    ServicHyper21.exe     win10v2004-20250502-en
behavioral10   ServicHyper21.exe     win11-20250502-en
behavioral11   VCRUNTIME140.dll      win10v2004-20250502-en
behavioral12   VCRUNTIME140.dll      win11-20250502-en
Malware Config
Targets
-
-
Target
FileAssociation.dll
-
Size
584KB
-
MD5
ea728eeea179f3ef8a80a03ae84378c9
-
SHA1
1afd6e8aa977bf75a6c76f4fbd21c5ca2d765658
-
SHA256
95d51ee9c58f789213cedac7e82c7ba064364d9e5c8ca76ad27a5e53537f9fdf
-
SHA512
212058ffc067cda2143a2ccfe8ad22c2254334f6a83090237d8f55c9028e8209bb2b52bfea7ac8aaf29ebfdd3633ca0802ae5dfa5790ade9285a46065f77e593
-
SSDEEP
12288:X5v6LSfcaS28r5qyLxzQhFEcTEyX2k8YStmejph0lhSMXleYjA9q+3K0:X5HcZ28DpiEcTEymk8YXeVh0lhSMXl9S
Score 7/10
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. A sample that probes for Wine is normally checking whether it is being analysed; on a native Windows host the lookup fails and execution continues, so the signature indicates evasion awareness rather than a payload.
-
-
-
Target
MSVCP140.dll
-
Size
439KB
-
MD5
4d157073a891d0832b9b05fb8aca73a8
-
SHA1
551efcdd93ecafc6b54ebb6f8f38c505d42d61ca
-
SHA256
718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263
-
SHA512
141563450e4cdf44315270360414f339fc3c96ebdaa46e28a1f673237c30f5e94e6da271db67547499c14dc3bd10e39767c3b6a2a3c9cec0a64a11f0263e0c5d
-
SSDEEP
12288:6rK6LQK2R9Y9huTJzNa/LNE4Qclv5wDAb0qhUgiW6QR7t5s03Ooc8dHkC2esjaoq:ANZ2R9Y9huTJzNcNE4Qclv5wDA0p03O4
Score 3/10
-
-
Target
Qt5Core.dll
-
Size
5.1MB
-
MD5
1ff666d827e3358b6c9af1f9e2d5c40e
-
SHA1
c6df91d241d3bc23efd20971d723ed4b7e16cea3
-
SHA256
80468f76013dd808fe6871a3eaf0c1c279e304711f1893e082397d9a95e64280
-
SHA512
157dc2b81b81414850d784e84580b98a92c95586c6677cf097205d2940cfc704de1dc7dd5ab3e33e4e5824e64b070d74c136fc1f928d9be49fcc8196b5f76e45
-
SSDEEP
98304:H3QkIHj14FdDzqJsv6tWKFdu9CjzHveRnZyxEdnu:HgdZJsv6tWKFdu9CjzHeS
Score 3/10
-
-
Target
Qt5Network.dll
-
Size
1.1MB
-
MD5
a00d38af148cc8a6481ef182f86b77ed
-
SHA1
76b401ee60ca094d3da04524401e5d6eb80d3bb6
-
SHA256
ddc9894e36231d749265155ba02f2d70ec5e006cea34010750b220ce49ce391a
-
SHA512
0bfc7d1ad67d8ba837a76f91876ab4cf452712017d0698bdc4e4c6496b084829bd03d93f76ab6a9bc0793b8ba1216fef9de927b849842ed362e135715ef5b9fd
-
SSDEEP
24576:TNfY4/b8d22Gmou3ZjRkjZgUPiV69DrOMxpqDc0EGQVzKa+:7Ad22GrziVaSDckf
Score 3/10
-
-
Target
ServicHyper21.exe
-
Size
239KB
-
MD5
a0b05f899a022110debaf359f4c8e000
-
SHA1
e8ea8b05a99337bc82403ecfc8a5dbd507112ad7
-
SHA256
79384ef76740962757d617bc056bf8a45b2ef8f1e1587632b36830e2fc6ab21a
-
SHA512
113191932b1fd55acfb09a7fcb1ab30bdeaa2b9de04f9fdfa9a7f4a70805becea7a8e2dbb0d971abae85c93602f73a951609c6f0f10907eedb5c74702bf58185
-
SSDEEP
3072:ppmxSLq48zrTM3AlCCngq004MWgMc46YSn2lDdiCbIcRQNPkydL051ELKrEmIC:pUxSLb8zrTM5qp/wJdMcRQGydQ5iefH
Score 10/10
-
Aurotun family
-
Detects Aurotun stealer
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Suspicious use of SetThreadContext
The report attaches no description to this signature. In general, SetThreadContext replaces a thread's register state; combined with a process created suspended and WriteProcessMemory it is the standard way to redirect execution into injected code (process hollowing or thread hijacking), which is why sandboxes flag it.
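The signatures raised for FileAssociation.dll (the Wine registry probe) and for ServicHyper21.exe (the country-code lookup, the external-IP lookup and SetThreadContext) are each a rule evaluated over the API calls the sandbox recorded. The Python below is an added example of how such rules are written; it is not the sandbox's code and not code from the sample. It runs four approximations of those signatures over a constructed API trace. Assumptions, none of which the report states: the trace line format, the registry path HKCU\Control Panel\International\Geo\Nation as the "location setting" being read, and the placeholder host ip-lookup.example standing in for whichever lookup service the sample contacted.

```python
"""Signature matcher over a sandbox-style API trace.

Added example, not code from the sandbox or from the sample. The trace format
and every line in SAMPLE_TRACE are constructed for this example; the registry
path used for the country-code rule and the IP-lookup host list are
assumptions, not something the report states.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

IP_LOOKUP_HOSTS = {"ip-lookup.example"}  # placeholder host; maintain your own list
CREATE_SUSPENDED = 0x00000004            # CreateProcess creation flag
LINE_RE = re.compile(r"^pid=(\d+) tid=(\d+) (\w+)\((.*)\) -> (.*)$")

# Constructed trace: one process (pid 4120) exercising all four behaviours.
SAMPLE_TRACE = r"""
pid=4120 tid=4124 RegOpenKeyExW(HKEY_CURRENT_USER, "Software\Wine") -> ERROR_FILE_NOT_FOUND
pid=4120 tid=4124 RegQueryValueExW(HKEY_CURRENT_USER\Control Panel\International\Geo, "Nation") -> "244"
pid=4120 tid=4124 InternetOpenUrlW("http://ip-lookup.example/json") -> 0x2cc
pid=4120 tid=4124 CreateProcessW("C:\Windows\System32\svchost.exe", flags=0x00000004) -> pid=5008 tid=5012
pid=4120 tid=4124 WriteProcessMemory(pid=5008, addr=0x400000, size=0x3a000) -> TRUE
pid=4120 tid=4124 SetThreadContext(tid=5012) -> TRUE
pid=4120 tid=4124 ResumeThread(tid=5012) -> 1
""".strip().splitlines()


@dataclass
class State:
    suspended: Set[int] = field(default_factory=set)          # children created CREATE_SUSPENDED
    written: Set[int] = field(default_factory=set)            # pids that received WriteProcessMemory
    tid_owner: Dict[int, int] = field(default_factory=dict)   # primary thread id -> child pid
    hits: Dict[str, List[str]] = field(default_factory=dict)  # signature name -> evidence lines

    def hit(self, name: str, line: str) -> None:
        self.hits.setdefault(name, []).append(line)


def analyze(lines: List[str]) -> Dict[str, List[str]]:
    """Run the four rules over trace lines; returns signature -> evidence lines."""
    st = State()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, api, args, ret = int(m[1]), m[3], m[4], m[5]
        # Wine probe: any registry API touching a Software\Wine key.
        if api.startswith("Reg") and re.search(r"\bSoftware\\Wine\b", args, re.I):
            st.hit("Identifies Wine through registry keys", line)
        # Country code: reading the Nation value under the Geo key (assumed path).
        if api.startswith("RegQueryValueEx") and re.search(
                r'Control Panel\\International\\Geo\b.*"Nation"', args, re.I):
            st.hit("Checks computer location settings", line)
        # External IP: an HTTP request whose host is on the lookup-service list.
        if api.startswith(("InternetOpenUrl", "WinHttpConnect", "HttpOpenRequest")):
            um = re.search(r'https?://([^/"]+)', args)
            if um and um[1].lower() in IP_LOOKUP_HOSTS:
                st.hit("Looks up external IP address via web service", line)
        # Track suspended children and which of them had memory written.
        if api.startswith("CreateProcess"):
            fm = re.search(r"flags=0x([0-9a-fA-F]+)", args)
            rm = re.search(r"pid=(\d+) tid=(\d+)", ret)
            if fm and rm:
                st.tid_owner[int(rm[2])] = int(rm[1])
                if int(fm[1], 16) & CREATE_SUSPENDED:
                    st.suspended.add(int(rm[1]))
        if api == "WriteProcessMemory":
            tm = re.search(r"pid=(\d+)", args)
            if tm:
                st.written.add(int(tm[1]))
        # SetThreadContext on the primary thread of a suspended, written-to child of another pid.
        if api == "SetThreadContext":
            tm = re.search(r"tid=(\d+)", args)
            owner = st.tid_owner.get(int(tm[1])) if tm else None
            if owner is not None and owner != pid and owner in st.suspended and owner in st.written:
                st.hit("Suspicious use of SetThreadContext", line)
    return st.hits


if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_TRACE).items():
        print(name)
        for ev in evidence:
            print("    " + ev)
```

The SetThreadContext rule is the one worth keeping: it fires only for a thread belonging to a child that the caller created with CREATE_SUSPENDED and has already written to, which separates hollowing from the benign uses debuggers and runtimes make of the same API. The Geo "Nation" value is a GEOID (244 in the constructed line is the United States); a geofencing sample compares it against an allow- or deny-list before continuing, which is why the lookup on its own is a weak signal and is scored low.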
-
-
-
Target
VCRUNTIME140.dll
-
Size
88KB
-
MD5
e4ed441f0f6afb0d8d55af87900ec48f
-
SHA1
ac5bd77fd06ed29bebceb65371387555658870d9
-
SHA256
09d1e604e8cdd06176fcc3d3698861be20638a4391f9f2d9e23f868c1576ca94
-
SHA512
dec6d693aa2d6c043ef8ae35f7f613cf9366aeb8a5903e8e0c54644f799262229b91953c65d39f8535ce464c75bf34b3b23ddb50a9fc5f171d36d6bfa1e4d7dd
-
SSDEEP
1536:obiyVUrqIQsn1xtg6RxkkBGCGHDWbWzaecbGaBLL9Qzv6mzm:yiyLyt/xcRjWazaecbGCWba
Score 3/10
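The General and Targets sections above give MD5, SHA1 and SHA256 for the submitted archive and each of the six files inside it. The following Python is an added example, not part of the report: it embeds those digests with the report's score for each file and checks files under a directory against them. The score is carried through on purpose: MSVCP140.dll, VCRUNTIME140.dll and the Qt libraries scored 3/10 and are widely distributed runtime files, so a hit on one of them is not on its own evidence of infection, whereas ServicHyper21.exe (10/10) and FileAssociation.dll (7/10) are. SSDEEP is left out because the standard library has no fuzzy-hash support.

```python
"""Hash-based IOC check for the files in this report.

Added example, not part of the sandbox report. Digests and scores below are
copied from the report's General and Targets sections; nothing else is assumed.
"""
import hashlib
import io
import os
import sys
from typing import Dict, Iterator, List, Tuple

REPORT_IOCS: Dict[str, Dict[str, object]] = {
    "submitted archive": {"score": 10,
        "md5": "22c180d6e86e7a43f794fc759f466815",
        "sha1": "887e70fc397b1dc425254613356325f2878a2b3a",
        "sha256": "7cbc664156edc17ca319c3d14acc21e19ec3e0f7a5067e1485fbae1f21fe3b80"},
    "FileAssociation.dll": {"score": 7,
        "md5": "ea728eeea179f3ef8a80a03ae84378c9",
        "sha1": "1afd6e8aa977bf75a6c76f4fbd21c5ca2d765658",
        "sha256": "95d51ee9c58f789213cedac7e82c7ba064364d9e5c8ca76ad27a5e53537f9fdf"},
    "MSVCP140.dll": {"score": 3,
        "md5": "4d157073a891d0832b9b05fb8aca73a8",
        "sha1": "551efcdd93ecafc6b54ebb6f8f38c505d42d61ca",
        "sha256": "718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263"},
    "Qt5Core.dll": {"score": 3,
        "md5": "1ff666d827e3358b6c9af1f9e2d5c40e",
        "sha1": "c6df91d241d3bc23efd20971d723ed4b7e16cea3",
        "sha256": "80468f76013dd808fe6871a3eaf0c1c279e304711f1893e082397d9a95e64280"},
    "Qt5Network.dll": {"score": 3,
        "md5": "a00d38af148cc8a6481ef182f86b77ed",
        "sha1": "76b401ee60ca094d3da04524401e5d6eb80d3bb6",
        "sha256": "ddc9894e36231d749265155ba02f2d70ec5e006cea34010750b220ce49ce391a"},
    "ServicHyper21.exe": {"score": 10,
        "md5": "a0b05f899a022110debaf359f4c8e000",
        "sha1": "e8ea8b05a99337bc82403ecfc8a5dbd507112ad7",
        "sha256": "79384ef76740962757d617bc056bf8a45b2ef8f1e1587632b36830e2fc6ab21a"},
    "VCRUNTIME140.dll": {"score": 3,
        "md5": "e4ed441f0f6afb0d8d55af87900ec48f",
        "sha1": "ac5bd77fd06ed29bebceb65371387555658870d9",
        "sha256": "09d1e604e8cdd06176fcc3d3698861be20638a4391f9f2d9e23f868c1576ca94"},
}


def build_index(iocs: Dict[str, Dict[str, object]]) -> Dict[str, str]:
    """Map every digest (any algorithm, lower-case hex) to the report entry it belongs to."""
    index: Dict[str, str] = {}
    for name, entry in iocs.items():
        for alg in ("md5", "sha1", "sha256"):
            index[str(entry[alg]).lower()] = name
    return index


def hash_stream(fobj, chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA1 and SHA256 in a single pass over a binary stream."""
    hs = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for block in iter(lambda: fobj.read(chunk), b""):
        for h in hs.values():
            h.update(block)
    return {alg: h.hexdigest() for alg, h in hs.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data))


def match_digests(digests: Dict[str, str], iocs: Dict[str, Dict[str, object]],
                  index: Dict[str, str]) -> List[Tuple[str, str, int]]:
    """Return (algorithm, report entry, report score) for each digest that is a known IOC."""
    return [(alg, index[d], int(iocs[index[d]]["score"]))
            for alg, d in digests.items() if d in index]


def scan_tree(root: str, iocs: Dict[str, Dict[str, object]],
              index: Dict[str, str]) -> Iterator[Tuple[str, str, str, int]]:
    """Walk a directory and yield (path, algorithm, report entry, score) for every match."""
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:
                    digests = hash_stream(f)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            for alg, name, score in match_digests(digests, iocs, index):
                yield path, alg, name, score


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    idx = build_index(REPORT_IOCS)
    for path, alg, name, score in scan_tree(root, REPORT_IOCS, idx):
        print(f"{score:>2}/10  {name:<20} {alg:<6} {path}")
```

Run it against a mounted image or an extraction directory; any output line with score 10 or 7 is the hit to act on, while the runtime DLLs only matter when they sit next to one of those.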