Overview

overview

10

Static

static

ACE Order ...df.exe

windows7-x64

10

ACE Order ...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ACE Order - 1200151H1UR717,pdf.exe

  • Size

    610KB

  • Sample

    221005-hcxgladee6

  • MD5

    9e128fe9edbbeb393786af660b41a478

  • SHA1

    3debab9395c8f1c2c1ed33840a9236f1190482f9

  • SHA256

    b7aea48f50c4a92859e7447442968c1655f5122d90de0e2a490ecf7be663b32c

  • SHA512

    401bce91b601348d9773868cf03047df9330c747dd05c51e9d6282423e20979b174e53ea98aab8f1a8ac0d733c5c1f08d4ab2d534aa07debfdc3f9d8ef42cc98

  • SSDEEP

    12288:Q2bTTSCvz9cdZxluepSXhgv1hj4kpTEXst:Q2bvjv2OepSXhgvDjnpYct

Score
10/10
azorultcollectioninfostealerspywarestealertrojan

Malware Config

Extracted

Family

azorult

C2

http://141.98.6.75/dike/index.php

Targets

    • Target

      ACE Order - 1200151H1UR717,pdf.exe

    • Size

      610KB

    • MD5

      9e128fe9edbbeb393786af660b41a478

    • SHA1

      3debab9395c8f1c2c1ed33840a9236f1190482f9

    • SHA256

      b7aea48f50c4a92859e7447442968c1655f5122d90de0e2a490ecf7be663b32c

    • SHA512

      401bce91b601348d9773868cf03047df9330c747dd05c51e9d6282423e20979b174e53ea98aab8f1a8ac0d733c5c1f08d4ab2d534aa07debfdc3f9d8ef42cc98

    • SSDEEP

      12288:Q2bTTSCvz9cdZxluepSXhgv1hj4kpTEXst:Q2bvjv2OepSXhgvDjnpYct

    Score
    10/10
    azorultcollectioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks