General

  • Target

    ESPLS-RFQ_2400282.exe

  • Size

    841KB

  • Sample

    240725-hvyglsvdlm

  • MD5

    516a26f5978b8c97c755dd1d4292ffb6

  • SHA1

    6cf511da5aa396b7ff854a68869536aa6b2c55b5

  • SHA256

    49f9ac550d9df149caa708bd58d9886e6322a176b8ad723b8032ad5bc3ba9c84

  • SHA512

    637abedfeee38d1f6e6cacf536f84cb9f47e928c4914fedd8049a484594276f1ba4aa345fd688c63f3e41b330ba46a4e608ceb946f3aef865e14f1231067332d

  • SSDEEP

    24576:gYDoeMwkejuoLDr9OUPepXIVVMVu3ciVdm:rdMErLgq9PMo3xm
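
Before pivoting on a local copy of the sample, confirm it is the file this report describes. The script below is an added example (not part of the report or the sandbox's tooling): it streams a file once through MD5, SHA1, SHA256 and SHA512 and compares the results with the digests listed above. SSDEEP is omitted because it needs a third-party module; the `digest_bytes` helper and the file paths are assumptions for illustration.

```python
"""Verify a local copy of the sample against the digests in the report above."""
import hashlib
import io

# Digests copied from the report for ESPLS-RFQ_2400282.exe.
REPORTED = {
    "md5": "516a26f5978b8c97c755dd1d4292ffb6",
    "sha1": "6cf511da5aa396b7ff854a68869536aa6b2c55b5",
    "sha256": "49f9ac550d9df149caa708bd58d9886e6322a176b8ad723b8032ad5bc3ba9c84",
    "sha512": "637abedfeee38d1f6e6cacf536f84cb9f47e928c4914fedd8049a484594276f1"
              "ba4aa345fd688c63f3e41b330ba46a4e608ceb946f3aef865e14f1231067332d",
}


def digest_stream(stream, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Hash a binary stream in one pass, feeding every algorithm from the same chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: stream.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper (assumed helper) for hashing an in-memory blob."""
    return digest_stream(io.BytesIO(data))


def compare(observed: dict, reported: dict) -> dict:
    """Per-algorithm match, case-insensitive; algorithms missing on either side are skipped."""
    return {name: observed[name].lower() == reported[name].lower()
            for name in reported if name in observed}


def verify_file(path: str, reported: dict = REPORTED) -> dict:
    """Hash a file on disk and report which of the published digests it matches."""
    with open(path, "rb") as f:
        return compare(digest_stream(f), reported)


def is_reported_sample(path: str, reported: dict = REPORTED) -> bool:
    """True only when every published digest matches; one mismatch means a different file."""
    return all(verify_file(path, reported).values())


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-ESPLS-RFQ_2400282.exe>  (path is an assumption)
    for name, ok in verify_file(sys.argv[1]).items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```

A partial match (for example MD5 agreeing while SHA256 does not) should be treated as a mismatch; `is_reported_sample` only returns true when all four digests agree.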

Targets

    • Azorult

      An information stealer first seen in 2016 that targets browsing history and saved passwords.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
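
Two of the signatures above translate directly into host-based detection logic: PowerShell started with a hidden window, and reads of browser credential stores. The script below is an added example written for this page, not the sandbox's own signature code. It runs both checks over a constructed list of sandbox-style process and file events (the event shape, the `SAMPLE_EVENTS` data and the file-name list are assumptions). The PowerShell check accounts for the fact that `powershell.exe` accepts any unambiguous prefix of a parameter name or enum value, so `-w h` is the same as `-WindowStyle Hidden`; the numeric form `-w 1` (ProcessWindowStyle.Hidden) is also covered.

```python
"""Detection checks for two behaviours in the report's signature list."""

# File names of browser credential stores (Chromium-based: "Login Data";
# Firefox: logins.json plus the key4.db used to decrypt it). Constructed list.
BROWSER_CRED_FILES = {"login data", "logins.json", "key4.db", "signons.sqlite"}


def _is_prefix(token: str, full: str) -> bool:
    """powershell.exe accepts any unambiguous prefix of a switch or enum value.
    No other powershell.exe switch starts with 'w' and no other WindowStyle
    value starts with 'h', so a one-letter prefix is already unambiguous."""
    t = token.lower()
    return 0 < len(t) <= len(full) and full.startswith(t)


def powershell_hidden_window(cmdline: str) -> bool:
    """True when the command line launches PowerShell with a hidden window."""
    lowered = cmdline.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return False
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        if flag[:1] in ("-", "/") and _is_prefix(flag[1:], "windowstyle"):
            # ProcessWindowStyle.Hidden == 1, so the numeric form is accepted too.
            if _is_prefix(value, "hidden") or value == "1":
                return True
    return False


def browser_credential_store_read(path: str) -> bool:
    """True when the path ends in a known browser credential store file."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in BROWSER_CRED_FILES


def scan_events(events):
    """Run both checks over event dicts and return (technique, detail) hits."""
    hits = []
    for ev in events:
        if ev["type"] == "process" and powershell_hidden_window(ev["cmdline"]):
            hits.append(("T1059.001 PowerShell, hidden window", ev["cmdline"]))
        elif ev["type"] == "file" and browser_credential_store_read(ev["path"]):
            hits.append(("T1555.003 Credentials from Web Browsers", ev["path"]))
    return hits


# Constructed events in the shape a sandbox or EDR might emit; not from the report.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": 'powershell.exe -w hidden -ep bypass -c "Start-Sleep 1"'},
    {"type": "process", "cmdline": "cmd.exe /c powershell -nop -w 1 -c Start-Sleep"},
    {"type": "process", "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"type": "file", "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"type": "file", "path": r"C:\Users\u\Documents\notes.txt"},
]


if __name__ == "__main__":
    for technique, detail in scan_events(SAMPLE_EVENTS):
        print(f"{technique}: {detail}")
```

The file-name check is deliberately narrow: the sandbox flags any read of the credential store, but in production the process doing the reading matters (the browser itself reads these files constantly), so pair it with a process-name or parent-process condition before alerting.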

MITRE ATT&CK Enterprise v15