Overview
overview
10Static
static
349af717ec1...ff.exe
windows7-x64
1049af717ec1...ff.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Baggrundsv...og.dll
windows7-x64
1Baggrundsv...og.dll
windows10-2004-x64
1Fiberstof/...ds.vbs
windows7-x64
1Fiberstof/...ds.vbs
windows10-2004-x64
1General
-
Target
35642a19253d8919cb937152c8e9ce1d.bin
-
Size
316KB
-
Sample
240208-bmw59aac9s
-
MD5
c97f32666c40f045dcf26df95078079a
-
SHA1
37c7d577810b3b29421840f33aa5eacd116f27c8
-
SHA256
7e633aabe1b11be25c3f51accb272d25857bfa8fe35788fbc33e5c1952456248
-
SHA512
c037d426072d42560c9bc64427e6380d4f5998a5b890a6528c913871520ce0cdb1deef46bb3af63bbd0443324c97488e57fa945cb7ee95d0c748276f66050187
-
SSDEEP
6144:V7JC7TTm3PIPGDXw/x88l2I2Qb4fcOhgzcHZMhbQ4+6wUSQfwcd9I4ry:m7PowywZ92bQkUO2AWhbJjowW4e
Static task
static1
Behavioral task
behavioral1
Sample
49af717ec15e64b6d7b2f269fc84dccc1ddbe400611eb6b6bdc429674d4561ff.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
49af717ec15e64b6d7b2f269fc84dccc1ddbe400611eb6b6bdc429674d4561ff.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral5
Sample
Baggrundsviden/vtablog.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
Baggrundsviden/vtablog.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
Fiberstof/Ratioen/keywords.vbs
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
Fiberstof/Ratioen/keywords.vbs
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
49af717ec15e64b6d7b2f269fc84dccc1ddbe400611eb6b6bdc429674d4561ff.exe
-
Size
616KB
-
MD5
35642a19253d8919cb937152c8e9ce1d
-
SHA1
5811d05416ae2f3541dc4fb8386bcce9a023a4fe
-
SHA256
49af717ec15e64b6d7b2f269fc84dccc1ddbe400611eb6b6bdc429674d4561ff
-
SHA512
d8c95b15cf549fda5b0bbd06fa24e49c645d4b553b0d2a9545b2b51d42e695a03f86436bb9cc360a67df4eded71bddaa0519312eaa09951c411b0935e55fd258
-
SSDEEP
12288:MkKnLVq69Hrc82yTPZodHtRWztKK7RG1Jz8Ap2x9c8Q04fz/sGoisDsCVVLyOwxM:AQy6ONsqLyOwxIETr2
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
17ed1c86bd67e78ade4712be48a7d2bd
-
SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0
-
SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
-
SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
SSDEEP
192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score3/10 -
-
-
Target
Baggrundsviden/vtablog.dll
-
Size
268KB
-
MD5
35119e61479373ba5d7433f106556e79
-
SHA1
096a7d227eb2514d76ec5d10bfd1cf165d4a9177
-
SHA256
f21d9de02c67e51bb9f7163f676f2d4710b2befae04fd0751a63cf1278c48a3c
-
SHA512
21318d0924393c8269419df5acc0c07ca2f754fd9d9ad80d393cf7ebec1b16986d123f2775ae210383b7faa106ed84e829c949004a123da844c07f2b46387453
-
SSDEEP
3072:s1vaCg+eY9yp71driAAYBnk/+eeaQyJen3n83fucakiD88iryUBw:ovDgZYq/rzfNufuceD5UBw
Score1/10 -
-
-
Target
Fiberstof/Ratioen/keywords.txt
-
Size
1010B
-
MD5
4d3c8d141484bbb0b8be03c13894ec9f
-
SHA1
1fbb29a4d6a1f48745e6d67bfa110306bc54c6ba
-
SHA256
c74e743057bfb38a767f3666df1d16587e2e529a070d1621be0e737366011471
-
SHA512
e4b9dd5c3585c24301ac71d7849616d680b25d2b340192c31c3de38a9546564cb30aa1b08bdbcba9e3b87303cd5f3bdb93e37c399bc9d056a68b9bbc7a0a3329
Score1/10 -