General

  • Target

    PMTI00002112.exe

  • Size

    854KB

  • Sample

    240725-hxn1ysxgqg

  • MD5

    5e1fb9afc29c8dfb357b46be649ab88f

  • SHA1

    aa539b2ad8551f23b1d6adc9b967a62edd2be41d

  • SHA256

    cd39bffc74d996c25ba6b6edde8601677b6d248fc9adf77376a56e9283b653b5

  • SHA512

    8771b8191e91f96d22652feb0c0d98a2b0542b5e3eefc63334e1951d28e86e427dc501fca868685fe37d797da33a391a3ac926ecc89e9620a49f9da46eba470f

  • SSDEEP

    24576:tYDoeMwkejuoLD0UU+RSmR7L342o4aEleqD:GdMErLjvsw3/haEdD

Malware Config

Targets

    • Target

      PMTI00002112.exe


    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks