General

  • Target

    PO81000383.exe

  • Size

    1.8MB

  • Sample

    231219-z4fftsddcp

  • MD5

    03c2f7ed0754dda8b46a551af4b23132

  • SHA1

    4274b308a6f0516327ff877b9f1eebb43829d723

  • SHA256

    c948e487a067b608870802bcfbb0dee5c31f06f656ec5f805aea16fcf1960a2a

  • SHA512

    aebcc0311d50c46c1f0876fd32ae87c6f6afa04ad92ba2ad47a837a8d5491837b439be529b3bf559fb123c6b641e9b56a96f538d481b929656b31029f8b0e614

  • SSDEEP

    49152:0dVkxOIFxC1N2Tf9UbH0WsE4qSyZn80jTWVxiTF57TEl:0dVkxhxC1Ni1409nNu80jUiXkl

Malware Config

Targets

    • Target

      PO81000383.exe

    • Size

      1.8MB

    • MD5

      03c2f7ed0754dda8b46a551af4b23132

    • SHA1

      4274b308a6f0516327ff877b9f1eebb43829d723

    • SHA256

      c948e487a067b608870802bcfbb0dee5c31f06f656ec5f805aea16fcf1960a2a

    • SHA512

      aebcc0311d50c46c1f0876fd32ae87c6f6afa04ad92ba2ad47a837a8d5491837b439be529b3bf559fb123c6b641e9b56a96f538d481b929656b31029f8b0e614

    • SSDEEP

      49152:0dVkxOIFxC1N2Tf9UbH0WsE4qSyZn80jTWVxiTF57TEl:0dVkxhxC1Ni1409nNu80jUiXkl

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks