General
-
Target
Fw Ordine di acquisto n.129097.exe
-
Size
533KB
-
Sample
220928-m3d56aggem
-
MD5
184c2d17475024dd60bd1eafab0c131c
-
SHA1
37608c2cf7feb3c74a193807ac445b6f4981b6c6
-
SHA256
432c99b8f1108ed0d94b7b1e620b230f8f55c47ca62c0fcdd1a3afac8548f239
-
SHA512
bd0962f5fc7a42ff78eb9e142e119129074a14d17ca93209aca4a2900b3f8dc822870ae1f597acb15fbfa16f01993185daa020d779de4dd7492c0c44732a5137
-
SSDEEP
12288:DToPWBv/cpGrU3yppoSw7omMO+aJlyv7wkk7:DTbBv5rUOpMom5JUv7wP
Static task
static1
Behavioral task
behavioral1
Sample
Fw Ordine di acquisto n.129097.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Fw Ordine di acquisto n.129097.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
Fw Ordine di acquisto n.129097.exe
-
Size
533KB
-
MD5
184c2d17475024dd60bd1eafab0c131c
-
SHA1
37608c2cf7feb3c74a193807ac445b6f4981b6c6
-
SHA256
432c99b8f1108ed0d94b7b1e620b230f8f55c47ca62c0fcdd1a3afac8548f239
-
SHA512
bd0962f5fc7a42ff78eb9e142e119129074a14d17ca93209aca4a2900b3f8dc822870ae1f597acb15fbfa16f01993185daa020d779de4dd7492c0c44732a5137
-
SSDEEP
12288:DToPWBv/cpGrU3yppoSw7omMO+aJlyv7wkk7:DTbBv5rUOpMom5JUv7wP
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-