General
-
Target
MUN_2207.xlsb
-
Size
38KB
-
Sample
210722-mt8hf3t9ns
-
MD5
302b089cdad737572251ed036c828168
-
SHA1
a22de587007bf85f3998b4cdde2e794409ea0c0b
-
SHA256
b4f58a5e9cc1c3b94f848aeb3830e9e28a38ec98cc6ec3337661d7b17c08e358
-
SHA512
d52c79b2040d4028a31ca83304a23650e095c5efda67c6e3f0039d0b5bf9c9120825f4d4e89cad2290f582f6f294de3dfd003a0a91ec3eb6b85610dbfceedf25
Static task
static1
Behavioral task
behavioral1
Sample
MUN_2207.xlsb
Resource
win7v20210410
Behavioral task
behavioral2
Sample
MUN_2207.xlsb
Resource
win10v20210408
Malware Config
Extracted
azorult
http://itthonfiatalon.hu/temp/reo/index.php
Targets
-
-
Target
MUN_2207.xlsb
-
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-