General
Target: Re-Quote Request.doc
Size: 59KB
Sample: 230912-jphpmsec2y
MD5: ae1d87f464d461d99b30cac5281b7996
SHA1: f64fdb90007a6df2367647ca72c0f1f9750a4c8f
SHA256: a5da3806f527cf4d8bf0543abad4f1a1d4e5795cfb10336533938100d630c62e
SHA512: 66b6a3e085d66f2d38e31bf8e2a0f24713718110418aad308ee3fe880090930a4dbce93755b5b987ed807cd121b001740648fcf1505429199946a00c7dbbb870
SSDEEP: 768:7wAbZSibMX9gRWj/MWGlsp42ld35ommRlPKafbeShLV3GFuDZT8GImw1t:7wAlRaXp46XNmRlbGEVTDIX/

Static task: static1

Behavioral task: behavioral1
Sample: Re-Quote Request.rtf
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Re-Quote Request.rtf
Resource: win10v2004-20230831-en

Malware Config
Extracted: azorult
http://185.28.39.18:7777/asiamandarin.buzz/deval/index.php
Targets
Target: Re-Quote Request.doc
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext