General
-
Target
DHL varış Bildirimi _251407467, pdf.exe
-
Size
155KB
-
Sample
220922-mesnmsehen
-
MD5
177fa2fcb4db306c95cb0a7bc05aa6d6
-
SHA1
f5d409c93b800a6d3367817285f6e78229c174ba
-
SHA256
5173308acdc7cfbb18621685a0a5a6db64ad1c95aadbe4cceca348f071239245
-
SHA512
cdf5b6e0b9fd3e198177e4d7e0759ecbfd00d29cc57d4114d6c8ff4469089e48df07c5f659ccd9d34eac792a7482727a31243b8cab50c53058d32fa2792ab86a
-
SSDEEP
3072:u82ZI4qxMBNTfPYBZdpFyHhfYNDew2Lj1DzOHm:u8YqWBJHYBvOHeN2L5WG
Malware Config
Extracted
azorult
http://huizechina.co/PL341/index.php
Targets
-
-
Target
DHL varış Bildirimi _251407467, pdf.exe
-
Size
155KB
-
MD5
177fa2fcb4db306c95cb0a7bc05aa6d6
-
SHA1
f5d409c93b800a6d3367817285f6e78229c174ba
-
SHA256
5173308acdc7cfbb18621685a0a5a6db64ad1c95aadbe4cceca348f071239245
-
SHA512
cdf5b6e0b9fd3e198177e4d7e0759ecbfd00d29cc57d4114d6c8ff4469089e48df07c5f659ccd9d34eac792a7482727a31243b8cab50c53058d32fa2792ab86a
-
SSDEEP
3072:u82ZI4qxMBNTfPYBZdpFyHhfYNDew2Lj1DzOHm:u8YqWBJHYBvOHeN2L5WG
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-