General

  • Target

    1132.xls

  • Size

    1.1MB

  • Sample

    231211-ssqdbsaegl

  • MD5

    15a4cb54baeca1e5a1a8fea8483ca1af

  • SHA1

    6f24d08fd83320e303d0cb3b48a2ba029b783d38

  • SHA256

    1cec950b5a2818af2a8419bac0f55467a9334824f86a060a1b4f555dfa4dfd1b

  • SHA512

    4d46852dad6e3294f2dbe65b10546104e711fd70a46466d895e19c0ebd8be0575796fe958ccc536ffe8abec2749f320160ed96115f1f1abdecfec1482cdde445

  • SSDEEP

    24576:Aw6/4ZyEAXZSqQw6/VZyuAXZSHN8Ow7cIP/BHzxatjU258wdy:b6/qKEG6//IEat7jPNlUjUm8K

Malware Config

Targets

    • Target

      1132.xls

    • Size

      1.1MB

    • MD5

      15a4cb54baeca1e5a1a8fea8483ca1af

    • SHA1

      6f24d08fd83320e303d0cb3b48a2ba029b783d38

    • SHA256

      1cec950b5a2818af2a8419bac0f55467a9334824f86a060a1b4f555dfa4dfd1b

    • SHA512

      4d46852dad6e3294f2dbe65b10546104e711fd70a46466d895e19c0ebd8be0575796fe958ccc536ffe8abec2749f320160ed96115f1f1abdecfec1482cdde445

    • SSDEEP

      24576:Aw6/4ZyEAXZSqQw6/VZyuAXZSHN8Ow7cIP/BHzxatjU258wdy:b6/qKEG6//IEat7jPNlUjUm8K

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks