Overview

overview

10

Static

static

Inkooporde...22.exe

windows7-x64

10

Inkooporde...22.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Inkooporders voor factuur 28-09-22.exe

  • Size

    533KB

  • Sample

    220928-m3d56affe5

  • MD5

    f584ef2a91ec8d00f9b994e179739507

  • SHA1

    8a30920e87cdb9710158c2e98c01d2493da2d166

  • SHA256

    f56bd344f2e9650ba6def3340bc5ac26472ea615744b38786d5445a75a0e51b4

  • SHA512

    500483f129bc60700afb8eeb6c24b89cf953a25f743d001682ae03884b43d693f32ac25455dbb6f87159b2c3ab3d58ae30453bac4058f6962eda6939bff2bd2b

  • SSDEEP

    12288:DToPWBv/cpGrU3yppoSw7omim9MesGI1BE2Znk:DTbBv5rUOpMom3MesGIk

Score
10/10
azorultinfostealertrojan

Malware Config

Targets

    • Target

      Inkooporders voor factuur 28-09-22.exe

    • Size

      533KB

    • MD5

      f584ef2a91ec8d00f9b994e179739507

    • SHA1

      8a30920e87cdb9710158c2e98c01d2493da2d166

    • SHA256

      f56bd344f2e9650ba6def3340bc5ac26472ea615744b38786d5445a75a0e51b4

    • SHA512

      500483f129bc60700afb8eeb6c24b89cf953a25f743d001682ae03884b43d693f32ac25455dbb6f87159b2c3ab3d58ae30453bac4058f6962eda6939bff2bd2b

    • SSDEEP

      12288:DToPWBv/cpGrU3yppoSw7omim9MesGI1BE2Znk:DTbBv5rUOpMom3MesGIk

    Score
    10/10
    azorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks