Extracted

• • Target

    Doc000781102.exe

  • Size

    113KB

  • MD5

    c7e267629511f510ff5e8934ceb2f382

  • SHA1

    814753fa8f15d440e36abd22ce908125ad972730

  • SHA256

    0ca211901a9024dc07ca4973a6fe71813c5d58d468117169820d6ba91ca9f23d

  • SHA512

    be04cca9194d247e665d342c62e0f9d6e26ef596fc09b6ff148b568e54b682265eff366244448745cd85d7af7702bfad4798c281a459cb65025e6aadf2975868

  • SSDEEP

    1536:M3dFtO4xLk8u2qHlllllllOdQlwEn+glllllllllllllllllll5xw5lf:MtXFjtYwiVxw5lf

  Score

  10^/10

  azorultpurecryptercollectiondiscoverydownloaderinfostealerloaderpersistencespywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Deletes itself

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2