General
Target: 06df1514bba86b157c44fbf93aaecc051e8bf6d151c739ca94a72d979d0a857a
Size: 13.0MB
Sample: 250604-s9bw9scm8z
MD5: 4f385b3fc9f5324bca17d382961512b1
SHA1: 0b5d01e6e648a9fe54018165a9c41f0b94395daf
SHA256: 06df1514bba86b157c44fbf93aaecc051e8bf6d151c739ca94a72d979d0a857a
SHA512: 55bf53a7b788b33f688e4174ddeb6097005df14dd587c1f0386fcca61e06405f99173645fa353952ac0a00c1546915eaadd2f715cef756d5a72eff1779e190c9
SSDEEP: 393216:5Vo3NEYSh6ULJk1v5xtwWUBDlNv+xfzHKvZElSEC:aEzh6ULJyxtlUj5ELHQiltC
Static task: static1
Behavioral task: behavioral1
  Sample: FrameworkData65.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: Register.dll
  Resource: win10v2004-20250502-en
Malware Config
Extracted: hijackloader
  directory: %APPDATA%\dockerexplore_x86
  inject_dll: %windir%\SysWOW64\pla.dll
Targets

Target: FrameworkData65.exe
Size: 1.8MB
MD5: 01f9b851b051cd200c052cfe2fe9b71c
SHA1: 8afca33f5642281f9fe231119d4e78c2dcf89ec5
SHA256: 8da4669efacfcca65de1403a6a37319714608f216aa475b6ab142d40f65fe70f
SHA512: 853e7451fc685a4f92587fc21789e3bd75a2a72c4ce30485931b46fb96aa275021b9793d04ca0a55159bdcdd319cd5a2da82269152eb54374711e2aadc57ba33
SSDEEP: 24576:wougJyooN/ppuU4US65pGL7UdwKkzgY9gHvYFVqZ0sxSuxiTFexHTeF7wx:TKDD5ITKkM2gHltxSuxiTF+TeFkx
Score: 10/10
- Aurotun family
- Detects Aurotun stealer
- Detects HijackLoader (aka IDAT Loader)
- Hijackloader family
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext
Target: Register.dll
Size: 1.4MB
MD5: eb5e5ad1700d39fd104695e3b6fc8886
SHA1: b5ee34a05da027b667d45bab22814235636d3d6f
SHA256: 3407ab6ed7e806bb04c8327ba4fa2ae84523f433404cfbdf0896b9ebe86c4c8e
SHA512: 7946470f824b85c9e5568e8738a54bff12b574a197242b599d9ffe17ede08d8dbd254fc743f6c889e283dd233aa733e5e4075094dfdf9c92a6d8698338d4fd4c
SSDEEP: 24576:Tn7HMj75II68xta2YTZVA3bQRhkWxce9XGdRIxfxPQoEe3esXKTC+R8vTpF:anxtavTU6MdRIDueunTVevTP
Score: 3/10