General

  • Target

    2c2a9d11624fe9e68eb19e81042ff3c2f8a128e5f219803cac9326624b7e31b4.arj

  • Size

    462KB

  • Sample

    240306-cne4ssgc4y

  • MD5

    9f92b58b8d1ec45e1bcf34db52368506

  • SHA1

    c7d71bba1fa1f89634bb2af0a97e4443088d8a07

  • SHA256

    2c2a9d11624fe9e68eb19e81042ff3c2f8a128e5f219803cac9326624b7e31b4

  • SHA512

    b82127a4017759b2f85441a828533521ee79cacbfc5ba2c1ade74c671f841f81b321c72c2a43692eca04ded5faf9aab32ccc46ddfa38c37bfe578a4581793b5c

  • SSDEEP

    6144:1DhqMI+5vC1BWpV9cvWG7TMwnNdgslr2xGUJAYwixqzmYH3ee/JVK1bjZOun46Mc:hh1/+YpQWGf/nf12xZsJuXNF7HhHT

Malware Config

Extracted

Family

azorult

C2

http://mhlc.shop/MC341/index.php

Targets

    • Target

      WESAL SOLICITUD DE COTIZACIÓN-2024_ 5874DFRS.exe

    • Size

      960KB

    • MD5

      90559c1f9ac3d674ef0f89530f40e561

    • SHA1

      dfc760de338a70ed58250c08976eb79e64612e8d

    • SHA256

      51b655d0853dfede83ea8fc3eb2c63b5fefc4bd852d50591a5a78cb8bc9ce9d7

    • SHA512

      71bf39fc2b4cc294cd5d149ce8c2ea3776478568915ad42f2d6c0ddca581bc89d470de728a831c974799f2f06a2fadfa959c13c9a1379d2cb7aa024492af9a4f

    • SSDEEP

      24576:Atb20pkaCqT5TBWgNQ7aNdVxxg5lHZlLcmg6A:JVg5tQ7aNdVxyDLw5

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks