Overview
overview
10Static
static
3SC-91048-docs.exe
windows7-x64
10SC-91048-docs.exe
windows10-2004-x64
8$PLUGINSDI...ge.dll
windows7-x64
1$PLUGINSDI...ge.dll
windows10-2004-x64
1$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3General
-
Target
SC-91048-docs.exe
-
Size
593KB
-
Sample
240717-pjbl2atcjf
-
MD5
6b67c037861d71932f9971faade3c695
-
SHA1
03313a12f94a0923bd456a058bb974e43f3c8562
-
SHA256
94d77da6e9ba6786e66b3864a9092a028d4e076774a5003b50eea0b5b04be074
-
SHA512
d59c9fe2cb5664394c670ca85964c85fbc4f00129c786ea79470b6c47d9768a5481496a6b9ac38f15c4cc66aad83e372a162a9890359648b19c4c08b9c53728f
-
SSDEEP
12288:sCn4AyHnr1nomoZlKOKIQxRGul47sbYY6UsGVPCHNwEX:/nEnrVvfOdQxJ47skYxsGVcNb
Static task
static1
Behavioral task
behavioral1
Sample
SC-91048-docs.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
SC-91048-docs.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BgImage.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BgImage.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
SC-91048-docs.exe
-
Size
593KB
-
MD5
6b67c037861d71932f9971faade3c695
-
SHA1
03313a12f94a0923bd456a058bb974e43f3c8562
-
SHA256
94d77da6e9ba6786e66b3864a9092a028d4e076774a5003b50eea0b5b04be074
-
SHA512
d59c9fe2cb5664394c670ca85964c85fbc4f00129c786ea79470b6c47d9768a5481496a6b9ac38f15c4cc66aad83e372a162a9890359648b19c4c08b9c53728f
-
SSDEEP
12288:sCn4AyHnr1nomoZlKOKIQxRGul47sbYY6UsGVPCHNwEX:/nEnrVvfOdQxJ47skYxsGVcNb
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/BgImage.dll
-
Size
7KB
-
MD5
49998d066af103d06b56f5b4c76b1497
-
SHA1
b7dce166147f40dfa17f5ca950c4e324a10d04be
-
SHA256
95042dbe7428461ee7fd210acf37040eb921012c7b32f66cb54766f0a16bb5b6
-
SHA512
61b0d75ef3a18c8c13ad8c614a012a71cbc4f6fd4bba0aa0c7b866e1a8fbf5f9fdb3e012a3566586d47fc8b456a7de36a06a0d70cdf27e504aac64eab37555d7
-
SSDEEP
96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkDnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmiLpmP
Score1/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
19d3373e403a6e724cfa1563dfd1f463
-
SHA1
4917547b355a91e9431879209f56925097bf4fb3
-
SHA256
873fa0c52eae7cfbed56ea18b21fad0ca8f018ab7f305bd1db1a3ec454e353d1
-
SHA512
b6f6db23376ade4bb864ea14244980612f42f322d3915540090bfe8edc80e9577b7aec3589bd587ca47a729371ed8ab8e6e23031bb3e3f524d48783637646193
-
SSDEEP
96:oXF7lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4I8qndYv0PLE:oXFl7wrLBn0REc0Jx3dO0PLE
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
6c881f00ba860b17821d8813aa34dbc6
-
SHA1
0e5a1e09b1ce1bc758d6977b913a8d9ccbe52a13
-
SHA256
bcb93204bd1854d0c34fa30883bab51f6813ab32abf7fb7d4aeed21d71f6af87
-
SHA512
c78d6f43aa9bb35260a7bd300392ce809282660283fa6cb3059bae50d6db229b0b853cab7c949d4bdf19309fb183257b1c9feb01a66347e1c0adeb21543315b6
-
SSDEEP
96:DOBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+ugwEX:DtZKtrAJJJbP7iEHEbN8Ved0PM
Score3/10 -