Overview

overview

10

Static

static

SecuriteIn...18.exe

windows7-x64

10

SecuriteIn...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.DownloaderNET.345.20521.10418.exe

  • Size

    316KB

  • Sample

    220929-ytt1ssbhc9

  • MD5

    3a8a10958da9340b413629b58a68e786

  • SHA1

    7c2dc59b034ffbaa569e48b3b823f6ae9bf1e409

  • SHA256

    795288d5ee47df7efd55788fec6bfb27cab02fd89e3fb71b62c977055d314053

  • SHA512

    86b6d10c247a99eea4807e165c8d5690ac0529871b524d0fa58815f23ec1b16aa0cd1f14ccc4f8e79de3442d132f1624a997fac0b1926b4081a0499a175a5304

  • SSDEEP

    3072:yieBbbMwAlVLowSYKZF22FSRMtHXhimFwqI2DNeh71hEbaFSkjiRrPWdq:28w3w9KZbIMtHxFKq5Fa+

Score
10/10
azorultcollectioninfostealerspywarestealertrojan

Malware Config

Extracted

Family

azorult

C2

http://cinho.shop/PL341/index.php

Targets

    • Target

      SecuriteInfo.com.Trojan.DownloaderNET.345.20521.10418.exe

    • Size

      316KB

    • MD5

      3a8a10958da9340b413629b58a68e786

    • SHA1

      7c2dc59b034ffbaa569e48b3b823f6ae9bf1e409

    • SHA256

      795288d5ee47df7efd55788fec6bfb27cab02fd89e3fb71b62c977055d314053

    • SHA512

      86b6d10c247a99eea4807e165c8d5690ac0529871b524d0fa58815f23ec1b16aa0cd1f14ccc4f8e79de3442d132f1624a997fac0b1926b4081a0499a175a5304

    • SSDEEP

      3072:yieBbbMwAlVLowSYKZF22FSRMtHXhimFwqI2DNeh71hEbaFSkjiRrPWdq:28w3w9KZbIMtHxFKq5Fa+

    Score
    10/10
    azorultcollectioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks