General
Target: doc000993293.rar
Size: 340KB
Sample: 230918-kwc86saf58
MD5: 539b9abf3f1d07d6aece30ab034799ac
SHA1: 27a89545a8d6711d8af27f287a3f667390540374
SHA256: b8a87d2aa3d09f165e7b74c285393fe56c384c358e31f07243223106fa315bac
SHA512: 967dd19a061e217dfcd263cc2e186085c79a630b93cd9b7e914ded23e2e0d68f446012067e6a94b4cf5cbc939df29b0b2df0eaa1fe743f5011c0b4977b563d8c
SSDEEP: 6144:r6gIYpJFcxjqyPrOxOhy0t0e0pYYFIBGcW5fIkpNvXbkDw7VdVASw:mglpHcxzOcoVLpYtkh5fIkfvew75Nw

Static task: static1

Behavioral task: behavioral1
Sample: Begraensningen.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Begraensningen.exe
Resource: win10v2004-20230915-en

Malware Config

Targets
Target: Begraensningen.exe
Size: 423KB
MD5: 67550518a3434e0bc380ca85ec053295
SHA1: 88bde13bf178d6e84f0ea16cf84006574c2e1ab9
SHA256: 2340f884236aaa127f58da3f0cd257a6ee2aabd974bb409ec4f07ea01d5f045b
SHA512: dba25e03bf36a7744a3b31ee7c4a4cace70a762dd0c57e26eb801856e8c3af61ec7f6a289c8332cefe741d7eef8419df4bf53fe645223b10e91f428336061105
SSDEEP: 6144:xB+pgUvsgje7ILcuqHy74ZhR0NmnK/2+Rc/gDHbJ75E0ME9p5FU8:xgnN+4cPSOhR0snK7RGkb/fME9jFU8

- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext