Extracted

• • Target

    Order Purchase List.xlsx

  • Size

    12KB

  • MD5

    97680c19eb7372a5a6104836eb2eacf6

  • SHA1

    f89fd944584b2f9da2c716d395a5b342315b53d2

  • SHA256

    12b6116974f1dd42d7ae0c4d57cbba29ed3e8a069096c9991e9d5210330ace36

  • SHA512

    1f4072f26921fb4da8c5369b76a2f54774b46cc398d8963ec6fecf72052d10107e393e55389b0ba0353c584be5d17c5844453df4c3af3ac1fa030a58bb05be31

  Score

  10^/10

  azorultdiscoveryinfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2