General
Target: 811B36654147B9E875884AD822100F2B.exe
Size: 17.3MB
Sample: 250605-rhe9yax1gs
MD5: 811b36654147b9e875884ad822100f2b
SHA1: a4b3c3475bf35a1adc0ba4ee303544e5c8c76826
SHA256: e68aaae515c5a9209fad7b4217f534de39b36ec66aff13c900c6c729e14dd31f
SHA512: 72baa92306352eed514bd49f740475cbd6a4c13fa647a67739f59b9c690f9d244ad37aafd57c3621aaa8b9093bbdb7fb68579ddb4c41b5294adcbcbe486683fa
SSDEEP: 393216:MGUcREA7ZcJkX5B7Rr0lLiL49cXLMVEmpV+gDc211a:MzzAe6X5tReiE9cX4O8ESc1
Static task: static1
Behavioral task: behavioral1
Sample: 811B36654147B9E875884AD822100F2B.exe
Resource: win10v2004-20250502-en
Behavioral task: behavioral2
Sample: 811B36654147B9E875884AD822100F2B.exe
Resource: win11-20250502-en
Malware Config
Extracted: hijackloader
directory: %APPDATA%\serviceCli_1
inject_dll: %windir%\SysWOW64\pla.dll
Targets
Target: 811B36654147B9E875884AD822100F2B.exe
Size: 17.3MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above; the target is the submitted file itself.
Score: 10/10
Signatures
Aurotun family
Detects Aurotun stealer
Detects HijackLoader (aka IDAT Loader)
Hijackloader family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
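The extracted config (drop directory and inject_dll) and the behavioural signatures above translate directly into hunt logic. The Python below is an added example, not part of the sandbox output and not code from any tool named on this page. It assumes Sysmon-style event fields (Image, ImageLoaded, TargetObject), expands %APPDATA% to the on-disk \AppData\Roaming form, and treats HKCU\Control Panel\International\Geo\Nation as the registry value the "location settings" signature refers to (an assumption; the report does not name the key). The event stream, the dropped file names and the hashed bytes are constructed for the example.

```python
"""Hunt logic derived from the HijackLoader/Aurotun indicators in this report.

Added example, not part of the sandbox output. Event field names follow Sysmon
conventions; the sample events and file bytes below are constructed.
"""
import hashlib
import re

# Digests of the analysed file as listed in the report (lower-case hex).
REPORT_HASHES = {
    "md5": "811b36654147b9e875884ad822100f2b",
    "sha1": "a4b3c3475bf35a1adc0ba4ee303544e5c8c76826",
    "sha256": "e68aaae515c5a9209fad7b4217f534de39b36ec66aff13c900c6c729e14dd31f",
}
REPORT_SSDEEP = "393216:MGUcREA7ZcJkX5B7Rr0lLiL49cXLMVEmpV+gDc211a:MzzAe6X5tReiE9cX4O8ESc1"

# %APPDATA%\serviceCli_1 from the extracted config, in its expanded on-disk form.
DROP_DIR = re.compile(r"\\AppData\\Roaming\\serviceCli_1\\", re.IGNORECASE)
# %windir%\SysWOW64\pla.dll, the DLL named by the inject_dll setting.
INJECT_DLL = re.compile(r"\\Windows\\SysWOW64\\pla\.dll$", re.IGNORECASE)
# Assumption: the per-user geo value behind the "location settings" signature.
GEO_VALUE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, lower-case hex like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(hashes: dict) -> bool:
    """True if any computed digest equals the corresponding report digest.

    Comparison is case-insensitive: the sample is named with the upper-case
    MD5 while the report lists it in lower case.
    """
    return any(hashes.get(algo, "").lower() == digest
               for algo, digest in REPORT_HASHES.items())


def ssdeep_blocksize(sig: str) -> int:
    """Block size of an ssdeep signature ('blocksize:chunk:double_chunk').

    Only signatures whose block sizes are equal or differ by a factor of two
    are comparable, so this is the first check before a real ssdeep compare.
    """
    block, _chunk, _double = sig.split(":", 2)
    return int(block)


def classify_event(ev: dict) -> list:
    """Map one telemetry event to the report signatures it corresponds to."""
    hits = []
    image = ev.get("Image", "")
    from_drop_dir = bool(DROP_DIR.search(image))

    if ev["type"] == "ProcessCreate" and from_drop_dir:
        hits.append("executes_dropped_exe")
    if ev["type"] == "ImageLoad":
        loaded = ev.get("ImageLoaded", "")
        if DROP_DIR.search(loaded):
            hits.append("loads_dropped_dll")
        # A process running out of the drop directory mapping the configured
        # inject_dll is the combination worth pivoting on; pla.dll itself is a
        # legitimate Windows DLL and its load by system processes is normal.
        if from_drop_dir and INJECT_DLL.search(loaded):
            hits.append("drop_dir_process_maps_inject_dll")
    if (ev["type"] == "RegistryEvent" and from_drop_dir
            and GEO_VALUE.search(ev.get("TargetObject", ""))):
        hits.append("geofence_country_lookup")
    return hits


def hunt(events) -> dict:
    """Aggregate unique, sorted signature hits per process image."""
    out = {}
    for ev in events:
        for hit in classify_event(ev):
            out.setdefault(ev.get("Image", ""), set()).add(hit)
    return {image: sorted(hits) for image, hits in out.items()}


# Constructed events: one loader process in the drop directory plus a benign
# svchost load of the same pla.dll, which must not alert.
DROPPED = r"C:\Users\alice\AppData\Roaming\serviceCli_1\dropped.exe"
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "Image": DROPPED},
    {"type": "ImageLoad", "Image": DROPPED,
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\serviceCli_1\helper.dll"},
    {"type": "ImageLoad", "Image": DROPPED,
     "ImageLoaded": r"C:\Windows\SysWOW64\pla.dll"},
    {"type": "RegistryEvent", "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"},
    {"type": "ImageLoad", "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "ImageLoaded": r"C:\Windows\SysWOW64\pla.dll"},
]

if __name__ == "__main__":
    for image, hits in hunt(SAMPLE_EVENTS).items():
        print(image, hits)
    print("known sample:", matches_report(file_hashes(b"constructed, not the sample")))
```

The geofence rule is deliberately tied to the drop directory: Geo\Nation is read by plenty of legitimate software, so the value alone is noise, while a read from a process under %APPDATA%\serviceCli_1 is the combination the report describes.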