General

  • Target

    06df1514bba86b157c44fbf93aaecc051e8bf6d151c739ca94a72d979d0a857a

  • Size

    13.0MB

  • Sample

    250604-s9bw9scm8z

  • MD5

    4f385b3fc9f5324bca17d382961512b1

  • SHA1

    0b5d01e6e648a9fe54018165a9c41f0b94395daf

  • SHA256

    06df1514bba86b157c44fbf93aaecc051e8bf6d151c739ca94a72d979d0a857a

  • SHA512

    55bf53a7b788b33f688e4174ddeb6097005df14dd587c1f0386fcca61e06405f99173645fa353952ac0a00c1546915eaadd2f715cef756d5a72eff1779e190c9

  • SSDEEP

    393216:5Vo3NEYSh6ULJk1v5xtwWUBDlNv+xfzHKvZElSEC:aEzh6ULJyxtlUj5ELHQiltC
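
The digests above are the IOCs an analyst takes away from a report like this. The script below is an added example (not part of the sandbox report and not Triage's code) that streams a file through the four hash algorithms listed here in one pass, matches the result against the report's SHA256 values, and on Windows checks for the staging directory from the extracted config. The three SHA256 values and the directory path are copied from the report; the function names and the Windows-only artefact check are the author's own choices.

```python
"""Hash a file with the digests this report lists and match it against the
report's hash IOCs.  Added example, not part of the sandbox report; the IOC
values are copied from the report, everything else is the author's choice."""
from __future__ import annotations

import hashlib
import os
from pathlib import Path

# SHA256 IOCs copied from the report: the 13 MB sample archive and the two
# files the sandbox carved out of it.
REPORT_SHA256 = {
    "06df1514bba86b157c44fbf93aaecc051e8bf6d151c739ca94a72d979d0a857a": "sample archive",
    "8da4669efacfcca65de1403a6a37319714608f216aa475b6ab142d40f65fe70f": "FrameworkData65.exe",
    "3407ab6ed7e806bb04c8327ba4fa2ae84523f433404cfbdf0896b9ebe86c4c8e": "Register.dll",
}

# Staging directory from the extracted HijackLoader config.  The inject_dll
# (pla.dll) is a legitimate Windows DLL, so its presence is not an indicator
# and is deliberately not checked.
REPORT_DIRECTORY = r"%APPDATA%\dockerexplore_x86"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict[str, str]:
    """Hex digests of an in-memory buffer for all four algorithms in the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str | os.PathLike, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream a file through all four hashers at once so a large sample is
    read from disk only once (the archive in this report is 13 MB)."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_report(digests: dict[str, str]) -> str | None:
    """Return the report's label for this file if its SHA256 is listed, else None.
    Input is lower-cased so hashes pasted from other tools still match."""
    return REPORT_SHA256.get(digests["sha256"].lower())


def staging_directory_present() -> bool:
    """Windows-only check for the config's staging directory.  On POSIX hosts
    %APPDATA% does not expand, so the function returns False rather than
    testing a literal path that could never exist."""
    expanded = os.path.expandvars(REPORT_DIRECTORY)
    if expanded == REPORT_DIRECTORY:
        return False
    return Path(expanded).is_dir()


if __name__ == "__main__":
    import sys

    for target in sys.argv[1:]:
        digests = hash_file(target)
        label = match_report(digests) or "no match"
        print(f"{target}: sha256={digests['sha256']} -> {label}")
    print(f"staging directory present: {staging_directory_present()}")
```

Run it as `python hashcheck.py <file> [...]`; the SHA256 is the only digest used for matching because it is the value shared by the General section and each target entry, while MD5 and SHA1 are emitted only for cross-referencing with other feeds.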

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\dockerexplore_x86

  • inject_dll

    %windir%\SysWOW64\pla.dll

  • xor.hex

Targets

    • Target

      FrameworkData65.exe

    • Size

      1.8MB

    • MD5

      01f9b851b051cd200c052cfe2fe9b71c

    • SHA1

      8afca33f5642281f9fe231119d4e78c2dcf89ec5

    • SHA256

      8da4669efacfcca65de1403a6a37319714608f216aa475b6ab142d40f65fe70f

    • SHA512

      853e7451fc685a4f92587fc21789e3bd75a2a72c4ce30485931b46fb96aa275021b9793d04ca0a55159bdcdd319cd5a2da82269152eb54374711e2aadc57ba33

    • SSDEEP

      24576:wougJyooN/ppuU4US65pGL7UdwKkzgY9gHvYFVqZ0sxSuxiTFexHTeF7wx:TKDD5ITKkM2gHltxSuxiTF+TeFkx

    • Aurotun

      Aurotun is a stealer written in C++.

    • Aurotun family

    • Detects Aurotun stealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Hijackloader family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check before the payload runs.

    • Suspicious use of SetThreadContext

    • Target

      Register.dll

    • Size

      1.4MB

    • MD5

      eb5e5ad1700d39fd104695e3b6fc8886

    • SHA1

      b5ee34a05da027b667d45bab22814235636d3d6f

    • SHA256

      3407ab6ed7e806bb04c8327ba4fa2ae84523f433404cfbdf0896b9ebe86c4c8e

    • SHA512

      7946470f824b85c9e5568e8738a54bff12b574a197242b599d9ffe17ede08d8dbd254fc743f6c889e283dd233aa733e5e4075094dfdf9c92a6d8698338d4fd4c

    • SSDEEP

      24576:Tn7HMj75II68xta2YTZVA3bQRhkWxce9XGdRIxfxPQoEe3esXKTC+R8vTpF:anxtavTU6MdRIDueunTVevTP

    Score
    3/10
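
The three behavioural signatures raised for FrameworkData65.exe (registry country-code lookup, external IP lookup, cross-process SetThreadContext) are easy to re-state as rules over a sandbox event stream. The block below is an added example of that detection logic; it is not Triage's signature code and the events it runs on are constructed, not the sample's actual trace. The registry key, the list of IP-lookup hostnames and the event layout are the author's assumptions: the report says only that a country code was read from the registry and that a legitimate IP lookup service was queried, not which key or which service.

```python
"""Re-implement the three behavioural signatures fired for
FrameworkData65.exe as rules over sandbox-style events.  Added example:
not Triage's signature code.  Event format, registry key, hostnames and
the sample events are constructed assumptions, not data from the report."""
from __future__ import annotations

import re

# Assumed: the registry location that holds the user's configured country
# (GeoID / nation code).  A read here early in execution is the pattern the
# "Checks computer location settings" signature describes as a likely geofence.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE)

# Assumed list of legitimate "what is my IP" services; the report does not
# name the one the sample contacted.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
    "checkip.amazonaws.com",
}


def sig_geofence(events: list[dict]) -> list[dict]:
    """Registry reads of the configured country code."""
    return [e for e in events
            if e["type"] == "registry_read" and GEO_KEY_RE.search(e["path"])]


def sig_external_ip(events: list[dict]) -> list[dict]:
    """HTTP requests to a known external-IP lookup service."""
    return [e for e in events
            if e["type"] == "http" and e["host"].lower() in IP_LOOKUP_HOSTS]


def sig_setthreadcontext(events: list[dict]) -> list[dict]:
    """SetThreadContext on a thread that belongs to another process: the
    hand-off step of hollowing / thread hijacking.  Same-process use is
    common in benign code (debuggers, exception handling) and is ignored."""
    return [e for e in events
            if e["type"] == "api" and e["name"] == "SetThreadContext"
            and e["pid"] != e["target_pid"]]


SIGNATURES = {
    "Checks computer location settings": sig_geofence,
    "Looks up external IP address via web service": sig_external_ip,
    "Suspicious use of SetThreadContext": sig_setthreadcontext,
}


def evaluate(events: list[dict]) -> dict[str, list[dict]]:
    """Return {signature name: matching events} for every rule that fired."""
    hits = {}
    for name, rule in SIGNATURES.items():
        matched = rule(events)
        if matched:
            hits[name] = matched
    return hits


# Constructed events standing in for a sandbox trace (not the report's data).
SAMPLE_EVENTS = [
    {"type": "registry_read", "pid": 4242,
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "http", "pid": 4242, "host": "api.ipify.org", "uri": "/"},
    {"type": "api", "pid": 4242, "name": "SetThreadContext", "target_pid": 4242},  # same process: benign
    {"type": "api", "pid": 4242, "name": "SetThreadContext", "target_pid": 5150},  # cross-process: flagged
    {"type": "http", "pid": 4242, "host": "www.microsoft.com", "uri": "/"},
]

if __name__ == "__main__":
    for name, evs in evaluate(SAMPLE_EVENTS).items():
        print(f"[+] {name}: {len(evs)} event(s)")
```

None of the three rules is conclusive on its own (plenty of legitimate software reads the locale and asks for its public IP); what makes the report's verdict is their co-occurrence with the HijackLoader config extraction and the Aurotun detection above, which is why the rule set returns the evidence per signature rather than a single score.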

MITRE ATT&CK Enterprise v16

Tasks