Payment Advice.exe

General

Target: Payment Advice.exe
Size: 311KB
Sample: 210408-12phjv3vdx
Score: 10/10
MD5: 050fe32dbac2a40f18acdc43a8f6a31a
SHA1: 25fcbceb5ada19e7637544ec5b6e2cd943bf169e
SHA256: eb7c92906b19491e5e670801cbcf189cf105f8e46a0e20c2bc8c7ab14cc1b9c7
SHA512: e97d1640a2ae33b585eae3079e95ea9c09cee2a57a338433a811986cbbe88cf2c14e04b9e4fff40ad98e7442b1dec9b940e590ca333cc3ed49a0a58cce0ae9a4

Malware Config

Extracted
Family: azorult
C2: http://bengalcement.com.bd/AxPu/index.php

Targets

Target: Payment Advice.exe
MD5: 050fe32dbac2a40f18acdc43a8f6a31a
Filesize: 311KB
Score: 10/10
SHA1: 25fcbceb5ada19e7637544ec5b6e2cd943bf169e
SHA256: eb7c92906b19491e5e670801cbcf189cf105f8e46a0e20c2bc8c7ab14cc1b9c7
SHA512: e97d1640a2ae33b585eae3079e95ea9c09cee2a57a338433a811986cbbe88cf2c14e04b9e4fff40ad98e7442b1dec9b940e590ca333cc3ed49a0a58cce0ae9a4

Signatures

  • Azorult
    Description: An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Loads dropped DLL

  • Reads local data of messenger clients
    Description: Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 1/10
behavioral1: 7/10