Overview

overview

10

Static

static

5

AIR-WAY BI...80.exe

windows7-x64

10

AIR-WAY BI...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AIR-WAY BILL AWB#6209011980.exe

  • Size

    1.5MB

  • Sample

    240219-g1fy3sah48

  • MD5

    ef25ff0d23d8da1b5250fd896896f53e

  • SHA1

    390d474c015306ebd252978d7dba78720238543b

  • SHA256

    7406da890d87374ab8f524683aef1c11f201068b95095aa20ac3712daaa0c5b3

  • SHA512

    976a67d43491a9b81ee04bb9fc80fc2f08c8b4415bbffad50be1a6e67912cb5995cbded04990397df78af785c60bbf89a1d1d0626aca1ec091344293424ea49d

  • SSDEEP

    49152:FTvC/MTQYxsWR7acyejdjIQl6kX7sXf8n0irmNmSb6HCjsZ:pjTQYxsWR5yejdjIQl6kX7sXf8nzrm8l

Score
10/10
azorultcollectioninfostealerspywarestealertrojan

Malware Config

Extracted

Family

azorult

C2

http://mhlc.shop/MC341/index.php

Targets

    • Target

      AIR-WAY BILL AWB#6209011980.exe

    • Size

      1.5MB

    • MD5

      ef25ff0d23d8da1b5250fd896896f53e

    • SHA1

      390d474c015306ebd252978d7dba78720238543b

    • SHA256

      7406da890d87374ab8f524683aef1c11f201068b95095aa20ac3712daaa0c5b3

    • SHA512

      976a67d43491a9b81ee04bb9fc80fc2f08c8b4415bbffad50be1a6e67912cb5995cbded04990397df78af785c60bbf89a1d1d0626aca1ec091344293424ea49d

    • SSDEEP

      49152:FTvC/MTQYxsWR7acyejdjIQl6kX7sXf8n0irmNmSb6HCjsZ:pjTQYxsWR5yejdjIQl6kX7sXf8nzrm8l

    Score
    10/10
    azorultcollectioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks