General

  • Target

    NUEVA ORDEN-MATSA 10-2022,.exe

  • Size

    162KB

  • Sample

    221003-qtpgbahdgj

  • MD5

    5bb547610939ac07657f6216a28498cb

  • SHA1

    89eadfa478804f0a5798e26871ff45c4906349ee

  • SHA256

    3d70466e2cb7b2b051feb16750acb3b40af81f4595a0c0ffa865c13907820ca2

  • SHA512

    42279f2771b176bb6d642ce76b88064fd1fefc8253b75feedb038ddaf8427d2e2179266140be9a87337957f3b584c6bdef3bef39d33059ff350e1d1567d65761

  • SSDEEP

    3072:23Onsvm9E08KqGhoz/AbFuaYJH75up/YhIejP0e8xLqPyBXq:mhv2E9fG2zOuauHu/YTjMe8

Malware Config

Extracted

Family

azorult

C2

http://cinho.shop/PL341/index.php

Targets

    • Target

      NUEVA ORDEN-MATSA 10-2022,.exe

    • Size

      162KB

    • MD5

      5bb547610939ac07657f6216a28498cb

    • SHA1

      89eadfa478804f0a5798e26871ff45c4906349ee

    • SHA256

      3d70466e2cb7b2b051feb16750acb3b40af81f4595a0c0ffa865c13907820ca2

    • SHA512

      42279f2771b176bb6d642ce76b88064fd1fefc8253b75feedb038ddaf8427d2e2179266140be9a87337957f3b584c6bdef3bef39d33059ff350e1d1567d65761

    • SSDEEP

      3072:23Onsvm9E08KqGhoz/AbFuaYJH75up/YhIejP0e8xLqPyBXq:mhv2E9fG2zOuauHu/YTjMe8

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Tasks