General

  • Target

    MGL6070111-PDF.exe

  • Size

    849KB

  • Sample

    240725-hwhsjsvdpl

  • MD5

    0be9332786cd2b5d41edf5746bd4d351

  • SHA1

    44443541dd2e4a40820f23d9057a92a27dfdc823

  • SHA256

    65645a7b022d73d26cf94f50e0c9eaa224911bf8443b0366bcc671be27dbb9bc

  • SHA512

    0dc9145a7cd7c7a2f8fcac3cad2ad8d046f2457013f8948423e8ba14928508b5fed3bb2835e5616c7072e0305e67a870fd5d2198d6e6220baf75e23047e2ecb2

  • SSDEEP

    24576:HYDoeMwkejuoLDypBE2pBV92Smc7RfLym5Nhcp:4dMErLepBE2Sg7RDxhy

Malware Config

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks