Overview

overview

10

Static

static

3

c97dbc111d...77.exe

windows7-x64

10

c97dbc111d...77.exe

windows10-2004-x64

8

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77.exe

  • Size

    610KB

  • Sample

    240710-s77adswdlk

  • MD5

    ad0ed91197890681c43fe8a613ba1b2b

  • SHA1

    d0a7ded680f10ec1871a3b4df10c6a9cc2a30809

  • SHA256

    c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77

  • SHA512

    029ec97c9e08eac5fbda60442b1094b142168c54a4f4233f7812ab46ab8a1f19fa8b4133beb4dff6dbff7ccfcc139367cd966548385b73b3be5e33fe49ac720f

  • SSDEEP

    12288:I2Vmby5Q6IXgRhdiS+j7hmIwKp5KNgcSJtoE2uxck4EUcpF+78:I28SQ6IXgitRwKp5KYoE2uxckrjFM8

Score
10/10
azorultcollectionexecutioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77.exe

    • Size

      610KB

    • MD5

      ad0ed91197890681c43fe8a613ba1b2b

    • SHA1

      d0a7ded680f10ec1871a3b4df10c6a9cc2a30809

    • SHA256

      c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77

    • SHA512

      029ec97c9e08eac5fbda60442b1094b142168c54a4f4233f7812ab46ab8a1f19fa8b4133beb4dff6dbff7ccfcc139367cd966548385b73b3be5e33fe49ac720f

    • SSDEEP

      12288:I2Vmby5Q6IXgRhdiS+j7hmIwKp5KNgcSJtoE2uxck4EUcpF+78:I28SQ6IXgitRwKp5KYoE2uxckrjFM8

    Score
    10/10
    azorultcollectionexecutioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/AdvSplash.dll

    • Size

      5KB

    • MD5

      3134c2821796396ba53e77ef3ea6a268

    • SHA1

      14c58e347fb4bf1b8c6f5ebccae57c58066d8769

    • SHA256

      9cdba2bb0984f10c201921ae5bcfe7b595771e1f12d9e17d31f213bfaf1548c6

    • SHA512

      34beca32375af8e4665b48413c940af67bedf6e34895481281551836460721161b158e642bde120a65ca0143643e06bfe660da2b1900e7ca2e4f7a204e183d4e

    • SSDEEP

      96:MqNrqoGHBA8Cgg6WXXvyuJ6jDfu+yMb+yRrtWpOwol:MMqrHY5XvyuR0htWpO

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      3cea4c9994912d8f3c3e8b6a814e810e

    • SHA1

      c48d34a0981d4ab576c7a3ab566f5ddb94af5d86

    • SHA256

      b2699fdfdab6a018fcc972806d12f71972de1861660bb6578935d62b1da06504

    • SHA512

      d317449f3c3115e279cff148c3e0bccc9b1d4ba82d1f85c0b99d7db657e85f752c0691d33f8024ada5850c993d0bdcbcc70b296b7cf33d7d14a67bc16ca3b4a3

    • SSDEEP

      96:o417lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4Lb8qndYv0PLE:oOl7wrLBn0REc0JxEdO0PLE

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      4a2f4fe4a3ad1de56ee6bf7dd4923963

    • SHA1

      7cc68b94448c964fd99904e5784b059aed4d5daa

    • SHA256

      89b1e6509a1b45b32933e9d785a9c8c5b9ce7c616e1112dcf7fc3fa5ca27ebde

    • SHA512

      4b6bbe75beafae9a29932ff5ddd3940aadfae62c157836e6cdab755955782dd5354d5eb389b4b8c16bf59f4ce7a099a0161d915c1cf2968f28e195dc8e3997ea

    • SSDEEP

      96:z0OBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+uPHwEX:4tZKtrAJJJbP7iEHEbN8Ved0Ph

    Score
    3/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks