General

  • Target

    WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe

  • Size

    960KB

  • Sample

    240305-j6edjsad31

  • MD5

    90559c1f9ac3d674ef0f89530f40e561

  • SHA1

    dfc760de338a70ed58250c08976eb79e64612e8d

  • SHA256

    51b655d0853dfede83ea8fc3eb2c63b5fefc4bd852d50591a5a78cb8bc9ce9d7

  • SHA512

    71bf39fc2b4cc294cd5d149ce8c2ea3776478568915ad42f2d6c0ddca581bc89d470de728a831c974799f2f06a2fadfa959c13c9a1379d2cb7aa024492af9a4f

  • SSDEEP

    24576:Atb20pkaCqT5TBWgNQ7aNdVxxg5lHZlLcmg6A:JVg5tQ7aNdVxyDLw5

Malware Config

Extracted

Family

azorult

C2

http://mhlc.shop/MC341/index.php

Targets

    • Target

      WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe

    • Size

      960KB

    • MD5

      90559c1f9ac3d674ef0f89530f40e561

    • SHA1

      dfc760de338a70ed58250c08976eb79e64612e8d

    • SHA256

      51b655d0853dfede83ea8fc3eb2c63b5fefc4bd852d50591a5a78cb8bc9ce9d7

    • SHA512

      71bf39fc2b4cc294cd5d149ce8c2ea3776478568915ad42f2d6c0ddca581bc89d470de728a831c974799f2f06a2fadfa959c13c9a1379d2cb7aa024492af9a4f

    • SSDEEP

      24576:Atb20pkaCqT5TBWgNQ7aNdVxxg5lHZlLcmg6A:JVg5tQ7aNdVxyDLw5

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks