Overview

overview

10

Static

static

Sipariş [...df.exe

windows7-x64

10

Sipariş [...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sipariş [Adex] 260922,pdf.exe

  • Size

    187KB

  • Sample

    220927-gpqzxacfg4

  • MD5

    f58ff75d00e77a904ef250a3500d45c8

  • SHA1

    b7827dd31961c385862f71731ff017979763be4f

  • SHA256

    8a07e0548084f0e3f3334cdf0c8d0b3e1c57e0b33c7df3159d6da4d11931f9ce

  • SHA512

    8777553c8d603d6708dde65648206d4671f928c356e4aa90a0a7a0ba9ee6d2a12ffd5c7a91ed2eba16a44951d3465e7ba53c4b0455ea6ac6538ab3c64398eae8

  • SSDEEP

    3072:W1hm+LhGrfWEk2RDhEtMjHY+Er2UGgEr0Llr3Lmcjj8PuOfHkSyTFq:GQ+sjxk2RDh+MzIuBEZ3LB02

Score
10/10
azorultcollectioninfostealerspywarestealertrojan

Malware Config

Extracted

Family

azorult

C2

http://kngpdrp.shop/PL341/index.php

Targets

    • Target

      Sipariş [Adex] 260922,pdf.exe

    • Size

      187KB

    • MD5

      f58ff75d00e77a904ef250a3500d45c8

    • SHA1

      b7827dd31961c385862f71731ff017979763be4f

    • SHA256

      8a07e0548084f0e3f3334cdf0c8d0b3e1c57e0b33c7df3159d6da4d11931f9ce

    • SHA512

      8777553c8d603d6708dde65648206d4671f928c356e4aa90a0a7a0ba9ee6d2a12ffd5c7a91ed2eba16a44951d3465e7ba53c4b0455ea6ac6538ab3c64398eae8

    • SSDEEP

      3072:W1hm+LhGrfWEk2RDhEtMjHY+Er2UGgEr0Llr3Lmcjj8PuOfHkSyTFq:GQ+sjxk2RDh+MzIuBEZ3LB02

    Score
    10/10
    azorultcollectioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks