General
-
Target
MEDUPV843545_EXINV278.PDF.vbs
-
Size
26KB
-
Sample
240306-ce349sfh6v
-
MD5
9c85d725803bf621f8a45680650fd841
-
SHA1
0b8b47cb69205a89d6fac5ea156630c7732ca031
-
SHA256
59b83a0e37ac6e046cf013616d51dff99d06d0bbbcc02b585c9cd1d1fa7e952d
-
SHA512
4329e4da03d19106020dc8d958f96b1f3c0da082e69221f2a14be32599a30cae40df38075fd6a43ecac7001b6d61c6652130cab340e6ab02a525d42588c28e70
-
SSDEEP
768:tIIJFMkYm8rSvWiRTcOuTgyjbpfn9FVItJpT+NYQcOudS0ttNA85WvjFSIgya3IW:KAFMk/8uvWiRgOuTgyjbpfn9FVItJpTD
Static task
static1
Behavioral task
behavioral1
Sample
MEDUPV843545_EXINV278.PDF.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MEDUPV843545_EXINV278.PDF.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
MEDUPV843545_EXINV278.PDF.vbs
-
Size
26KB
-
MD5
9c85d725803bf621f8a45680650fd841
-
SHA1
0b8b47cb69205a89d6fac5ea156630c7732ca031
-
SHA256
59b83a0e37ac6e046cf013616d51dff99d06d0bbbcc02b585c9cd1d1fa7e952d
-
SHA512
4329e4da03d19106020dc8d958f96b1f3c0da082e69221f2a14be32599a30cae40df38075fd6a43ecac7001b6d61c6652130cab340e6ab02a525d42588c28e70
-
SSDEEP
768:tIIJFMkYm8rSvWiRTcOuTgyjbpfn9FVItJpT+NYQcOudS0ttNA85WvjFSIgya3IW:KAFMk/8uvWiRgOuTgyjbpfn9FVItJpTD
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-