General
-
Target
Pay Slip.exe
-
Size
1.8MB
-
Sample
231219-1gre9aghhm
-
MD5
d896b950e9f01c31e0b75d202afddd32
-
SHA1
de7e0b58b1f4a3fb13e6edbfede523741279a326
-
SHA256
aba7133b1ccdb78338fe271d73689bac4f40251b8fc194a9b86253a71e4017cc
-
SHA512
e5a4665e2b844043b6e0ad72d469ea390d7346baea4951cfe691ed76da1a03d69ef613d6d8aa44f91f5d101b012224a23f6869416eb50ab4c618826e415f747c
-
SSDEEP
49152:gaC9+JjVSDF9S2/b84qn+gNZojiQ/7RUImQTIuGB32lf:g9AVQDxb8nJZo//Vt9G92lf
Static task
static1
Behavioral task
behavioral1
Sample
Pay Slip.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Pay Slip.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
Pay Slip.exe
-
Size
1.8MB
-
MD5
d896b950e9f01c31e0b75d202afddd32
-
SHA1
de7e0b58b1f4a3fb13e6edbfede523741279a326
-
SHA256
aba7133b1ccdb78338fe271d73689bac4f40251b8fc194a9b86253a71e4017cc
-
SHA512
e5a4665e2b844043b6e0ad72d469ea390d7346baea4951cfe691ed76da1a03d69ef613d6d8aa44f91f5d101b012224a23f6869416eb50ab4c618826e415f747c
-
SSDEEP
49152:gaC9+JjVSDF9S2/b84qn+gNZojiQ/7RUImQTIuGB32lf:g9AVQDxb8nJZo//Vt9G92lf
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-