General
-
Target
WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe
-
Size
960KB
-
Sample
240305-j6edjsad31
-
MD5
90559c1f9ac3d674ef0f89530f40e561
-
SHA1
dfc760de338a70ed58250c08976eb79e64612e8d
-
SHA256
51b655d0853dfede83ea8fc3eb2c63b5fefc4bd852d50591a5a78cb8bc9ce9d7
-
SHA512
71bf39fc2b4cc294cd5d149ce8c2ea3776478568915ad42f2d6c0ddca581bc89d470de728a831c974799f2f06a2fadfa959c13c9a1379d2cb7aa024492af9a4f
-
SSDEEP
24576:Atb20pkaCqT5TBWgNQ7aNdVxxg5lHZlLcmg6A:JVg5tQ7aNdVxyDLw5
Malware Config
Extracted
azorult
http://mhlc.shop/MC341/index.php
Targets
-
-
Target
WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe
-
Size
960KB
-
MD5
90559c1f9ac3d674ef0f89530f40e561
-
SHA1
dfc760de338a70ed58250c08976eb79e64612e8d
-
SHA256
51b655d0853dfede83ea8fc3eb2c63b5fefc4bd852d50591a5a78cb8bc9ce9d7
-
SHA512
71bf39fc2b4cc294cd5d149ce8c2ea3776478568915ad42f2d6c0ddca581bc89d470de728a831c974799f2f06a2fadfa959c13c9a1379d2cb7aa024492af9a4f
-
SSDEEP
24576:Atb20pkaCqT5TBWgNQ7aNdVxxg5lHZlLcmg6A:JVg5tQ7aNdVxyDLw5
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-