General
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.8698.28600.xlsx
-
Size
156KB
-
Sample
221010-ckjyksacf6
-
MD5
4a619f6597c59982c96a7e422d917c7c
-
SHA1
1d571c8f6746ab456ca7a69caf0b13b344f87229
-
SHA256
26d76d9ad5d5ed566ab18b0d4a8527be163d8e998124fbb357ed7bdc4b38aa27
-
SHA512
bff2dea888c93603decd047519da27684f866e40dfd6ef29d181eca576bad300c9d813877723ff855edf505f1acc9add8358ed71a5e3d5002a62041c8da37dc5
-
SSDEEP
3072:HjTI8aZjTI8Nvi/222qv8szQ6VTLICfdSS32vY3Cn+WUNeBcRF8uYPCoz/wdxD:DTgBTzy22Hv8KQ6VZwpA3C++Gj87zYdx
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.8698.28600.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.8698.28600.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
azorult
http://huzcihna.shop/PL341/index.php
Targets
-
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.8698.28600.xlsx
-
Size
156KB
-
MD5
4a619f6597c59982c96a7e422d917c7c
-
SHA1
1d571c8f6746ab456ca7a69caf0b13b344f87229
-
SHA256
26d76d9ad5d5ed566ab18b0d4a8527be163d8e998124fbb357ed7bdc4b38aa27
-
SHA512
bff2dea888c93603decd047519da27684f866e40dfd6ef29d181eca576bad300c9d813877723ff855edf505f1acc9add8358ed71a5e3d5002a62041c8da37dc5
-
SSDEEP
3072:HjTI8aZjTI8Nvi/222qv8szQ6VTLICfdSS32vY3Cn+WUNeBcRF8uYPCoz/wdxD:DTgBTzy22Hv8KQ6VZwpA3C++Gj87zYdx
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-