General
-
Target
Cables_VPO_SP.9686_Flex_rev_2_BL65338,pdf.exe
-
Size
301KB
-
Sample
221006-lnc4waghe5
-
MD5
d960b3e0168dd87929cde5db76640a98
-
SHA1
09bd3506732632d1e53d5621824d580f9672b966
-
SHA256
9bfc792969975ce424f8d95a5557f038a62bd9c309abea023b1c04671d83023c
-
SHA512
1578e67af6e06a43ca35ae4f42eac21aa8ebcd78ae83f0c66d5d54f60116b061bc74f470dcfdd27d3cb363fe550cf9896f9cd0bef58016c02a57bd77a4a4ed37
-
SSDEEP
3072:qmLmmuJadLS4EUwpxYWuKQ8tNK/zQ7xRCXGa03forfOi71hEbaFSkjiRrPEjq:qpJaBSHU8YWuKQ8tNMzQVm03fta+
Malware Config
Extracted
azorult
http://141.98.6.75/dike/index.php
Targets
-
-
Target
Cables_VPO_SP.9686_Flex_rev_2_BL65338,pdf.exe
-
Size
301KB
-
MD5
d960b3e0168dd87929cde5db76640a98
-
SHA1
09bd3506732632d1e53d5621824d580f9672b966
-
SHA256
9bfc792969975ce424f8d95a5557f038a62bd9c309abea023b1c04671d83023c
-
SHA512
1578e67af6e06a43ca35ae4f42eac21aa8ebcd78ae83f0c66d5d54f60116b061bc74f470dcfdd27d3cb363fe550cf9896f9cd0bef58016c02a57bd77a4a4ed37
-
SSDEEP
3072:qmLmmuJadLS4EUwpxYWuKQ8tNK/zQ7xRCXGa03forfOi71hEbaFSkjiRrPEjq:qpJaBSHU8YWuKQ8tNMzQVm03fta+
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-