Extracted

• • Target

    DHL_VARI.EXE

  • Size

    155KB

  • MD5

    177fa2fcb4db306c95cb0a7bc05aa6d6

  • SHA1

    f5d409c93b800a6d3367817285f6e78229c174ba

  • SHA256

    5173308acdc7cfbb18621685a0a5a6db64ad1c95aadbe4cceca348f071239245

  • SHA512

    cdf5b6e0b9fd3e198177e4d7e0759ecbfd00d29cc57d4114d6c8ff4469089e48df07c5f659ccd9d34eac792a7482727a31243b8cab50c53058d32fa2792ab86a

  • SSDEEP

    3072:u82ZI4qxMBNTfPYBZdpFyHhfYNDew2Lj1DzOHm:u8YqWBJHYBvOHeN2L5WG

  Score

  10^/10

  azorultcollectioninfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2