General

  • Target

    Copy0761000025.xlsm

  • Size

    430KB

  • Sample

    240530-mnsp1aed6w

  • MD5

    7d4ea49144ee2f6e90627e4126dd7906

  • SHA1

    435f8134462eeec813c747bf9b8cc7287d3ce05a

  • SHA256

    dd6cd10d521f6b189b3a56ce5a7fb41d16c1bca171c00e79999690822b7bfe25

  • SHA512

    c88469f3bc48600baf802af246aaf66f4c5d1f00baf619b92ad2e1df7a973b98a396e4f20ccbcec43628122c080ee28a921b61e84fe257efdec7e85ecce4e93d

  • SSDEEP

    12288:7fEXQu7SHOCZhSTIS2dGpeWpqivD1YxR25O8UE:7VwarmMSAGMID1R5OtE

Malware Config

Targets

    • Target

      Copy0761000025.xlsm

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks