General
-
Target
Purchase Order 45584.xlsx
-
Size
2.3MB
-
Sample
210120-99be7wh1fa
-
MD5
69eac4dc4f1e64e9912a7a20acdea37d
-
SHA1
05a713ac7bb1c39c51aaa4ba132131e751f70db4
-
SHA256
257586cb20dfe8e3fa19a99c2084e51904c6e714b021a72d39fd382e8910b709
-
SHA512
0cb333bce7c9800ad2ae0705d5adb7e7dc20104ac024ece04cf62a0bfe3be89ddcc9791c51f869f9303bb7b35c40ef3219b5bf63a7c42995231e37138e296b4f
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order 45584.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Purchase Order 45584.xlsx
Resource
win10v20201028
Malware Config
Extracted
azorult
http://al-ifah.com/PL341/index.php
Targets
-
-
Target
Purchase Order 45584.xlsx
-
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Looks for VirtualBox Guest Additions in registry
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-