General
-
Target
DOCU_957735271647895846_PDF.exe
-
Size
618KB
-
Sample
240131-m7gf3sagb6
-
MD5
31730b69ca484889e8a5c1735857de26
-
SHA1
132aa2c7565cb05760ff80752239aac47917097c
-
SHA256
b8a5f88f60837143f18dd1494a7195ac283b91d068668d1d34b4994a8148641c
-
SHA512
235af5322f3632cd42d3f38dfc7ddac6bd5e5e489b34f243f1ca7d4f56b672dfcb8a150f2fb48043b9fd11c8df92611bb336877d2d232a89523339708c2b252c
-
SSDEEP
12288:MkKnLVq69Hrc82yTPZodHtRWztKK7RG1Jz8Ap2x9c8Q04fz/sGoisDsCVVLRpf/T:AQy6ONsqLRpf/O1/zijTrT
Malware Config
Targets
-
-
Target
DOCU_957735271647895846_PDF.exe
-
Size
618KB
-
MD5
31730b69ca484889e8a5c1735857de26
-
SHA1
132aa2c7565cb05760ff80752239aac47917097c
-
SHA256
b8a5f88f60837143f18dd1494a7195ac283b91d068668d1d34b4994a8148641c
-
SHA512
235af5322f3632cd42d3f38dfc7ddac6bd5e5e489b34f243f1ca7d4f56b672dfcb8a150f2fb48043b9fd11c8df92611bb336877d2d232a89523339708c2b252c
-
SSDEEP
12288:MkKnLVq69Hrc82yTPZodHtRWztKK7RG1Jz8Ap2x9c8Q04fz/sGoisDsCVVLRpf/T:AQy6ONsqLRpf/O1/zijTrT
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
17ed1c86bd67e78ade4712be48a7d2bd
-
SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0
-
SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
-
SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
SSDEEP
192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score3/10 -
-
-
Target
Azotemic/Discontinuations/Lydkort/keywords.txt
-
Size
1010B
-
MD5
4d3c8d141484bbb0b8be03c13894ec9f
-
SHA1
1fbb29a4d6a1f48745e6d67bfa110306bc54c6ba
-
SHA256
c74e743057bfb38a767f3666df1d16587e2e529a070d1621be0e737366011471
-
SHA512
e4b9dd5c3585c24301ac71d7849616d680b25d2b340192c31c3de38a9546564cb30aa1b08bdbcba9e3b87303cd5f3bdb93e37c399bc9d056a68b9bbc7a0a3329
Score1/10 -
-
-
Target
Opprioriter/Brugerinterface/Belbsfeltet/Algores/vtablog.dll
-
Size
268KB
-
MD5
35119e61479373ba5d7433f106556e79
-
SHA1
096a7d227eb2514d76ec5d10bfd1cf165d4a9177
-
SHA256
f21d9de02c67e51bb9f7163f676f2d4710b2befae04fd0751a63cf1278c48a3c
-
SHA512
21318d0924393c8269419df5acc0c07ca2f754fd9d9ad80d393cf7ebec1b16986d123f2775ae210383b7faa106ed84e829c949004a123da844c07f2b46387453
-
SSDEEP
3072:s1vaCg+eY9yp71driAAYBnk/+eeaQyJen3n83fucakiD88iryUBw:ovDgZYq/rzfNufuceD5UBw
Score1/10 -