General

  • Target

    E-dekont.exe

  • Size

    428KB

  • Sample

    230918-ln6q7agd9t

  • MD5

    e8a153e5c9b2877094956d22c19eb705

  • SHA1

    1253f46d7af34ed3d50b034cda00d1da91e8ef67

  • SHA256

    52a6054ac0539a5849ae2c8d0651ed2bedb1ee17efe0e79a57a02560df521291

  • SHA512

    f87711c2611dff2aa5cd177bc9e3e1c03a4fbbe4c990de9a06d5751926bafc802630f9876ebb12a5af637c87b58255b18936a096ab36fa2268eaffee87935916

  • SSDEEP

    6144:xB+pgUvsgje7ILH3W3eA42PMBaQGuJkM6NG3rpgDCDe1Bd2r3tI16Asxxs0vWjKD:xgnN+4H3W3KmMJgKpgDnBY5AWK0ejKD

Malware Config

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks