General
Target: 2c2a9d11624fe9e68eb19e81042ff3c2f8a128e5f219803cac9326624b7e31b4.arj
Size: 462KB
Sample: 240306-cne4ssgc4y
MD5: 9f92b58b8d1ec45e1bcf34db52368506
SHA1: c7d71bba1fa1f89634bb2af0a97e4443088d8a07
SHA256: 2c2a9d11624fe9e68eb19e81042ff3c2f8a128e5f219803cac9326624b7e31b4
SHA512: b82127a4017759b2f85441a828533521ee79cacbfc5ba2c1ade74c671f841f81b321c72c2a43692eca04ded5faf9aab32ccc46ddfa38c37bfe578a4581793b5c
SSDEEP: 6144:1DhqMI+5vC1BWpV9cvWG7TMwnNdgslr2xGUJAYwixqzmYH3ee/JVK1bjZOun46Mc:hh1/+YpQWGf/nf12xZsJuXNF7HhHT
Static task: static1
Behavioral task: behavioral1
Sample: WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
azorult
http://mhlc.shop/MC341/index.php
Targets
Target: WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe
Size: 960KB
MD5: 90559c1f9ac3d674ef0f89530f40e561
SHA1: dfc760de338a70ed58250c08976eb79e64612e8d
SHA256: 51b655d0853dfede83ea8fc3eb2c63b5fefc4bd852d50591a5a78cb8bc9ce9d7
SHA512: 71bf39fc2b4cc294cd5d149ce8c2ea3776478568915ad42f2d6c0ddca581bc89d470de728a831c974799f2f06a2fadfa959c13c9a1379d2cb7aa024492af9a4f
SSDEEP: 24576:Atb20pkaCqT5TBWgNQ7aNdVxxg5lHZlLcmg6A:JVg5tQ7aNdVxyDLw5
Score: 10/10
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Loads dropped DLL
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext