General
-
Target
Contract_LPO_SHEET_470168.exe
-
Size
768KB
-
Sample
231211-zlz3hshbbl
-
MD5
fd6e71b54b99e511b6ee1d080b5704ad
-
SHA1
2a30b0a671807d966b44d8c743413f82945adf78
-
SHA256
46c4967e83a9a7f9cc87bceee586824640105f6bfddc89698684b374870023d9
-
SHA512
aaeca03e8072c86474238351250329ceb505b77415c65a43404c586657b25a7c3cd71eec862fbf35b255aa48b23d70dad0ca6bf47d67ccf9c8681c3a3404e3d3
-
SSDEEP
12288:+qwwbXXytzEDujljpEbPLJspWYBeDZFIi/c+o/hyBfzj7ELAplrOeC/z3bAdJv:NLytM2lSjY1DL4fv7EKrD+zLAd5
Malware Config
Targets
-
-
Target
Contract_LPO_SHEET_470168.exe
-
Size
768KB
-
MD5
fd6e71b54b99e511b6ee1d080b5704ad
-
SHA1
2a30b0a671807d966b44d8c743413f82945adf78
-
SHA256
46c4967e83a9a7f9cc87bceee586824640105f6bfddc89698684b374870023d9
-
SHA512
aaeca03e8072c86474238351250329ceb505b77415c65a43404c586657b25a7c3cd71eec862fbf35b255aa48b23d70dad0ca6bf47d67ccf9c8681c3a3404e3d3
-
SSDEEP
12288:+qwwbXXytzEDujljpEbPLJspWYBeDZFIi/c+o/hyBfzj7ELAplrOeC/z3bAdJv:NLytM2lSjY1DL4fv7EKrD+zLAd5
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-