General

  • Target

    ffe63aecb926ed305039dda5b7102cdfa7bb826126dc0b178e700d7782441579.exe

  • Size

    722KB

  • Sample

    231127-vxczxaag9w

  • MD5

    e7d8ea8f7edeab9c00e6916db9cddf6d

  • SHA1

    5f6900b970ae01fe9cacd3c054bb6fac4ccd113c

  • SHA256

    ffe63aecb926ed305039dda5b7102cdfa7bb826126dc0b178e700d7782441579

  • SHA512

    1473a995616f289481fc7bf364a5b097c15eb2890c570d3c58b564cbb1f3457320c89f9f816ab96dfb7adc73a769672b9adad81b4bc3362905914694c377fd5b

  • SSDEEP

    12288:GcqMWxQR0RULXAhXmv58VA4mM5ryp+DDokyE779mrgBvrw:Gn+RMSAhXoG1cp+DDkE779mIE

Malware Config

Targets

    • Target

      ffe63aecb926ed305039dda5b7102cdfa7bb826126dc0b178e700d7782441579.exe

    • Size

      722KB

    • MD5

      e7d8ea8f7edeab9c00e6916db9cddf6d

    • SHA1

      5f6900b970ae01fe9cacd3c054bb6fac4ccd113c

    • SHA256

      ffe63aecb926ed305039dda5b7102cdfa7bb826126dc0b178e700d7782441579

    • SHA512

      1473a995616f289481fc7bf364a5b097c15eb2890c570d3c58b564cbb1f3457320c89f9f816ab96dfb7adc73a769672b9adad81b4bc3362905914694c377fd5b

    • SSDEEP

      12288:GcqMWxQR0RULXAhXmv58VA4mM5ryp+DDokyE779mrgBvrw:Gn+RMSAhXoG1cp+DDkE779mIE

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks