General

  • Target

    ec6d41cb09b83cde3855825ca3a2d16518a6826ad49f26a566bb40d4c48f3abe.exe

  • Size

    860KB

  • Sample

    240726-hkjkpssdjr

  • MD5

    1ae0d736c5d08b40f0fb650d3f843d12

  • SHA1

    3ace2fdca564569720c3ba2bae89f25ffda936cb

  • SHA256

    ec6d41cb09b83cde3855825ca3a2d16518a6826ad49f26a566bb40d4c48f3abe

  • SHA512

    0b62c90f976b7cdf7d54aa460a5143bd367b82cb501ea51751f2255325a094a075771deeae949d500aa4b4f0ba7d961d20622a8b43848b4f7456e45cfc25adb1

  • SSDEEP

    24576:VYDoeMwkejuoLDikeCYsfgmnUqRfDqyVy8:udMErLWClguRfmyVp
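
Before relying on any of the behaviour below, confirm that the file in hand is this sample and not a look-alike. The following script, an added example rather than anything from the report or the sandbox that produced it, recomputes the listed MD5, SHA1, SHA256 and SHA512 in one pass over the file and compares them with the values above. SSDEEP is left out because it needs a third-party library; the report's own digest values are the only data taken from the page.

```python
"""Verify that a file on disk is the sample described in the report by recomputing
the listed digests. Added example; not part of the original report."""
import hashlib

# Digest values copied from the report's General section.
REPORTED = {
    "md5": "1ae0d736c5d08b40f0fb650d3f843d12",
    "sha1": "3ace2fdca564569720c3ba2bae89f25ffda936cb",
    "sha256": "ec6d41cb09b83cde3855825ca3a2d16518a6826ad49f26a566bb40d4c48f3abe",
    "sha512": "0b62c90f976b7cdf7d54aa460a5143bd367b82cb501ea51751f2255325a094a0"
              "75771deeae949d500aa4b4f0ba7d961d20622a8b43848b4f7456e45cfc25adb1",
}


def digests(chunks):
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digests([data])


def digests_of_file(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks; fine for samples far larger than 860 KB."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return digests(chunks())


def compare(computed, reported=REPORTED):
    """Per-algorithm match table. One mismatch is enough to say this is not the
    reported sample (wrong file, or modified in transit); the others only tell you
    whether the discrepancy is consistent across algorithms."""
    return {name: computed.get(name, "").lower() == reported[name].lower()
            for name in reported}


def is_reported_sample(path):
    return all(compare(digests_of_file(path)).values())


if __name__ == "__main__":
    import sys
    for candidate in sys.argv[1:]:
        print(candidate, compare(digests_of_file(candidate)))
```

Run it as `python verify.py <file>`; anything other than four `True` values means the report does not describe the file you are looking at.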

Malware Config

Targets

    • Target

      ec6d41cb09b83cde3855825ca3a2d16518a6826ad49f26a566bb40d4c48f3abe.exe

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its console window hidden.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
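
The signatures above are the sandbox's labels for patterns in the sample's API and file activity. As an added example that is not the sandbox's own detection logic, the script below shows how those labels can be reproduced from an API-call trace: single-event rules cover the hidden-window PowerShell launch, the two HideFromDebugger calls and the credential, messenger, wallet, Outlook and System32 file accesses; two correlated rules cover "Loads dropped DLL" (a DLL loaded from a path the sample wrote earlier) and the SetThreadContext pattern (a process created suspended, written to, given a new thread context and then resumed). The trace, its key=value format and the specific paths and flag names are constructed for the example and are not taken from the report.

```python
"""Reproduce the report's behaviour labels from an API-call trace.
Added example; trace format, paths and rules are assumptions, not sandbox output."""
import re
from collections import defaultdict

# Constructed trace (not real sandbox output). Assumed format: space-separated
# key=value pairs; values containing spaces are double-quoted.
TRACE = r"""
pid=1100 api=CreateProcessW image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell -WindowStyle Hidden -NoProfile -Command Start-Sleep 1"
pid=1100 api=NtSetInformationThread class=ThreadHideFromDebugger
pid=1100 api=NtCreateThreadEx flags=THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER
pid=1100 api=CreateProcessW image="C:\Users\u\AppData\Local\Temp\stage2.exe" flags=CREATE_SUSPENDED new_pid=2200
pid=1100 api=NtWriteVirtualMemory target_pid=2200
pid=1100 api=SetThreadContext target_pid=2200
pid=1100 api=ResumeThread target_pid=2200
pid=2200 api=NtCreateFile path="C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data" access=READ
pid=2200 api=NtCreateFile path="C:\Users\u\AppData\Roaming\Telegram Desktop\tdata\key_datas" access=READ
pid=2200 api=NtCreateFile path="C:\Users\u\AppData\Roaming\Bitcoin\wallet.dat" access=READ
pid=2200 api=RegOpenKeyExW key="HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"
pid=2200 api=NtCreateFile path="C:\Windows\System32\Tasks\updater.job" access=WRITE
pid=2200 api=NtCreateFile path="C:\Users\u\AppData\Local\Temp\sqlite3.dll" access=WRITE
pid=2200 api=LoadLibraryW path="C:\Users\u\AppData\Local\Temp\sqlite3.dll"
pid=3300 api=NtCreateFile path="C:\Users\u\Documents\notes.txt" access=READ
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse(trace):
    """One dict per line; quoted values keep their spaces."""
    return [{k: (quoted or bare) for k, quoted, bare in KV.findall(line)}
            for line in trace.strip().splitlines()]


def _rx(pattern, text):
    return re.search(pattern, text, re.I) is not None


# (label from the report, predicate over a single event)
SINGLE_EVENT_RULES = [
    ("Command and Scripting Interpreter: PowerShell",
     lambda e: e.get("api") == "CreateProcessW" and "powershell" in e.get("image", "").lower()
     and _rx(r"-w(?:indowstyle)?\s+hidden", e.get("cmdline", ""))),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     lambda e: e.get("api") == "NtSetInformationThread" and e.get("class") == "ThreadHideFromDebugger"),
    ("Suspicious use of NtCreateThreadExHideFromDebugger",
     lambda e: e.get("api") == "NtCreateThreadEx" and "HIDE_FROM_DEBUGGER" in e.get("flags", "")),
    ("Credentials from Password Stores: Credentials from Web Browsers",
     lambda e: e.get("api") == "NtCreateFile"
     and _rx(r"\\(?:Login Data|Web Data|logins\.json|key[34]\.db)$", e.get("path", ""))),
    ("Reads local data of messenger clients",
     lambda e: e.get("api") == "NtCreateFile" and _rx(r"\\Telegram Desktop\\tdata\\", e.get("path", ""))),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     lambda e: e.get("api") == "NtCreateFile"
     and _rx(r"\\wallet\.dat$|\\Ethereum\\keystore\\|\\Electrum\\wallets\\", e.get("path", ""))),
    ("Accesses Microsoft Outlook profiles",
     lambda e: e.get("api", "").startswith("RegOpenKeyEx") and _rx(r"\\Outlook\\Profiles", e.get("key", ""))),
    ("Drops file in System32 directory",
     lambda e: e.get("api") == "NtCreateFile" and "WRITE" in e.get("access", "")
     and e.get("path", "").lower().startswith("c:\\windows\\system32\\")),
]


def correlated_rules(events):
    """Rules that need state across events: dropped-then-loaded DLLs, and the
    suspended-process / write / SetThreadContext / resume sequence."""
    hits, written = set(), set()
    stages = defaultdict(set)  # child pid -> steps of the injection sequence seen so far
    for e in events:
        api = e.get("api")
        if api == "NtCreateFile" and "WRITE" in e.get("access", ""):
            written.add(e.get("path", "").lower())
        if api == "LoadLibraryW" and e.get("path", "").lower() in written:
            hits.add("Loads dropped DLL")
        if api == "CreateProcessW" and "CREATE_SUSPENDED" in e.get("flags", ""):
            stages[e.get("new_pid")].add("suspended")
        target = e.get("target_pid")
        if target in stages:
            if api == "NtWriteVirtualMemory":
                stages[target].add("written")
            if api == "SetThreadContext":
                stages[target].add("context")
            if api == "ResumeThread" and {"suspended", "written", "context"} <= stages[target]:
                hits.add("Suspicious use of SetThreadContext")
    return hits


def detect(trace=TRACE):
    events = parse(trace)
    hits = {label for e in events for label, pred in SINGLE_EVENT_RULES if pred(e)}
    return sorted(hits | correlated_rules(events))


if __name__ == "__main__":
    for label in detect():
        print(label)
```

The SetThreadContext rule deliberately fires only on the full create-suspended, write, set-context, resume sequence on the same child pid; SetThreadContext alone is also used by legitimate debuggers and some runtimes, which is why the report words it as "suspicious use" rather than as an injection verdict.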

MITRE ATT&CK Enterprise v15

Tasks