General

  • Target

    DHL-119055 de recibo,pdf.exe

  • Size

    336KB

  • Sample

    220928-t2h62shfer

  • MD5

    08bf261214d109955c81c62fb4e6cdd2

  • SHA1

    c748b86f978631c76bbb7f631360f431cd3ac3ad

  • SHA256

    18d7cdf63d95a5fd7bf6fff361655b6e8857b14d0444315b3ffca538877b9aa1

  • SHA512

    e122a86e427a4fde960857bc460d31a55255b48ee29e35339a00b4f949ba3f30a96aca517f2948f870faefcf021759a18abafea6e7e86f08371dc5dba567a3a5

  • SSDEEP

    3072:6rJZ3ZQ5F4VewO24oeK1z/JMUVoyfE5JCFZRtq971hEbaFSkjiRrP6Aq:yxO24oHz/jqJCFZeca+

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://kngppdp.shop/PL341/index.php

Targets

    • Target

      DHL-119055 de recibo,pdf.exe


    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2

    Email Collection (T1114): 1
