General
Target: 2221df8b5c6e7d89c926bac07a01212a2da6c7f06644507e6c7d1787c3871d22
Size: 13.8MB
Sample: 250604-thqf1s1px3
MD5: 2edf959b1e7f40116f36c5b9c6b939ab
SHA1: f3948c7bbb855454655e160742b653ef42fc0213
SHA256: 2221df8b5c6e7d89c926bac07a01212a2da6c7f06644507e6c7d1787c3871d22
SHA512: 20b6995b61cdda2cbdbde24f9c1a8f5002dfdbfa2c24eca9d39b5eeaa75246f5f6241c8a310ada047f3a84b653fd46d3fa4f3aaa4d5f68a500c45ed25730456b
SSDEEP: 393216:zorfl3DsNvrKTHPIwphBwGZKjRJeYACIUB1KCBpDZeeUto8wzVRT9s1EeF:Qfl2EvTHyGZKjR8TWDKCBpDKO8wzpveF
Static task
static1

Behavioral task
behavioral1
Sample: Package/Consol_Cy.exe
Resource: win10v2004-20250502-en

Behavioral task
behavioral2
Sample: Package/Consol_Cy.exe
Resource: win11-20250502-en

Behavioral task
behavioral3
Sample: Package/VCRUNTIME140.dll
Resource: win10v2004-20250502-en

Behavioral task
behavioral4
Sample: Package/VCRUNTIME140.dll
Resource: win11-20250502-en

Behavioral task
behavioral5
Sample: Package/python38.dll
Resource: win10v2004-20250502-en

Behavioral task
behavioral6
Sample: Package/python38.dll
Resource: win11-20250502-en
Malware Config
Extracted: hijackloader
directory: %APPDATA%\JqoTool_debug_v2
inject_dll: %windir%\SysWOW64\pla.dll
Targets

Target: Package/Consol_Cy.exe
Size: 93KB
MD5: b12acc9521a8446ef2eb7f9cc6bbc4be
SHA1: e10d9ed838949d37d156e3ead2ad535aef19aa9a
SHA256: 0b6b4e9a97e75c44ae807fccc94629183fa9de5957ea3984e8870450f314e5e9
SHA512: 23979ff2ce599c44d7d1d5520616df9984468ba396f5526b87555ef802ee3bea57b0f9d7bcd7921fff4181a190a21f1dc91c6b3c8a99d1d6c88b19d20fa7c904
SSDEEP: 1536:cJnkRJLmfTKdYyIeFsV/YBfWBJl90JlzRgKzdbcHoVM8ksSwxLG:cCRJLmfTbCsVwBeXT2lzRJbcYDkspG
Score: 10/10
Signatures:
- Aurotun family
- Detects Aurotun stealer
- Detects HijackLoader (aka IDAT Loader)
- Hijackloader family
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: Package/VCRUNTIME140.dll
Size: 81KB
MD5: 2ebf45da71bd8ef910a7ece7e4647173
SHA1: 4ecc9c2d4abe2180d345f72c65758ef4791d6f06
SHA256: cf39e1e81f57f42f4d60abc1d30ecf7d773e576157aa88bbc1d672bf5ad9bb8b
SHA512: a5d3626553731f7dc70f63d086bd9367ea2c06ad8671e2578e1340af4c44189ecb46a51c88d64a4b082ce68160390c3f8d580dde3984cd254a408f1ef5b28457
SSDEEP: 1536:JlQxqDRpVhURw767ckhI6SysppzDuLCVbd2pecbiyaSEN:JlzDRjhU676gWoJpx2pecbiya
Score: 3/10
Target: Package/python38.dll
Size: 3.9MB
MD5: 4bddcdbe1dc96d4073cf8531358d8e30
SHA1: bc613f430d3498dbac2ddf230da30c2fca3150ac
SHA256: b2df6069a472d4489c50ce95dde662fd2589103ffe9a62006789da811b12f67a
SHA512: 3e54d2510915bb7adc02e1830e8645327f4619a8b7ff3078c391993de73613b836d5dd2200e9b02d9cdac87daa39fd17030350c61ce090223284f6d21dae8fa7
SSDEEP: 49152:RgX8NCM9Nwv/YXxp0DDBdEcnW2vubxI8C5HBKMZnCPdJ9TB7itLV74AFheMY:aMroA2Ecnnj8GHYMZEJqlVtFheMY
Score: 3/10