General
-
Target
PO & DATASHEET_1.zip
-
Size
128KB
-
Sample
230324-kh5q9sdb75
-
MD5
02b4fe8d20fbb40f6f198ad2e2bb4f05
-
SHA1
aed4141ecdb8754f906f7ce571e2705e36e3d5e6
-
SHA256
80c8ab4dcf64f9a2bcbeb1ef6f1f8b1b7ccb55039c0bae6a9957ffed097fe6be
-
SHA512
70083cf052f6f4e02e059b399b35b9abf3d745075f47b776b8aa77fec454212acc22e1106885ea2f900decd7810fc82c53cb597c732548fae37bb23483e34739
-
SSDEEP
3072:/sVXb3QSFe2MhkVgDdSBc7u6KGIFlubiDCC3XbCji2Ic2KPLDk:/sVrgglxudSBc7u6K7luYCCGe2R2Svk
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PURCHASE ORDER.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
azorult
http://34.217.22.124/index.php
Targets
-
-
Target
PURCHASE ORDER.exe
-
Size
158KB
-
MD5
ce84573aa1706cc43cc2fea8a1c98447
-
SHA1
71af640bba2e156311b277f62faa49af184a864b
-
SHA256
4be5fa9ac61777638bf7550de77fffee6aa150b0e5c55612753f5fe3d931d885
-
SHA512
e0bb1ab721099aec4ff92c550460e94cc8ef9662a2f44ac977f793bd5d8633b0969ae5c502b2f8dcffb1710f55e63672709a4cab2d4e86a530ed70209bb17aa1
-
SSDEEP
3072:Gc+LTYERpkurjMNT8dG8LiykZrFMM/j0dRDaUmwb:kLTYm3XsGG8uykxjsDaUmw
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-