General
Target: Notification from SARS Non Compliance Notice.PDF.exe
Size: 281KB
Sample: 210113-rkeqjkwwlx
MD5: ac3d6756e2babc2499c9c6e8606ba8b3
SHA1: b6133ae29e346481ca448dc4f82e2853ef88176b
SHA256: 84eed2d8d2c4b18c30ee556a96f780eacab4867c8edddad676161d205c6ee404
SHA512: b8b541882f5ec01fdb5f0c4e8fbe8a9b2a192ac074ac7f0e70abc69eaf4bc2da4f1d292ce286d03949e57b6616eb4d6e7c1f15ff85449b8a12c0c3efe38554fd
Static task: static1
Behavioral task: behavioral1
Sample: Notification from SARS Non Compliance Notice.PDF.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Notification from SARS Non Compliance Notice.PDF.exe
Resource: win10v20201028
Malware Config
Targets
Target: Notification from SARS Non Compliance Notice.PDF.exe
Score: 10/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Deletes itself

Loads dropped DLL

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

JavaScript code in executable