Overview

overview

10

Static

static

1

c948e487a0...2a.exe

windows7-x64

10

c948e487a0...2a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03c2f7ed0754dda8b46a551af4b23132.bin

  • Size

    1.8MB

  • Sample

    231221-bdff5shed5

  • MD5

    9d054ebe4f3000b27bbacf4eb96d8a4f

  • SHA1

    e37977d18c27253d13befc6ac096e9fba83deba4

  • SHA256

    d17037827fcf48786dc294937e06b05c6fc90813e0041a4b36b2d99b7dc48900

  • SHA512

    0622199d82de6fe5c1b77f1afc9ee1ef8e2474458da06c074e903d4f70c53867b4d447acc84ab1b39d252d88184bdb05cbf21d01ce3702e765ec0f47aa3d7244

  • SSDEEP

    49152:g0mRZoUUPHIX8n40To1qaXPCTy4+fFK/onKszt:qRZoxbnbos4PCyjFMonlt

Score
10/10
azorultcollectioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      c948e487a067b608870802bcfbb0dee5c31f06f656ec5f805aea16fcf1960a2a.exe

    • Size

      1.8MB

    • MD5

      03c2f7ed0754dda8b46a551af4b23132

    • SHA1

      4274b308a6f0516327ff877b9f1eebb43829d723

    • SHA256

      c948e487a067b608870802bcfbb0dee5c31f06f656ec5f805aea16fcf1960a2a

    • SHA512

      aebcc0311d50c46c1f0876fd32ae87c6f6afa04ad92ba2ad47a837a8d5491837b439be529b3bf559fb123c6b641e9b56a96f538d481b929656b31029f8b0e614

    • SSDEEP

      49152:0dVkxOIFxC1N2Tf9UbH0WsE4qSyZn80jTWVxiTF57TEl:0dVkxhxC1Ni1409nNu80jUiXkl

    Score
    10/10
    azorultcollectioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks