General

  • Target

    ACCEPT_014STSY529093.PDF.exe

  • Size

    108KB

  • Sample

    240808-p9bdysxdqa

  • MD5

    996817a2a2c9afe0a459bd0cc9a68d74

  • SHA1

    23770e473ea88638874473b631602f437a799760

  • SHA256

    a50376b1375f041a534a74ea0cecd6429b4e26747059a4a4c72ef91bb04d7080

  • SHA512

    24a7cdcaf49b9d565da4df977b084f0b94c82f33f1dd80621e649040baa85565aef9cb147036674ec57f3586e3038cdafacbdb6724e61a651c168359deda1df1

  • SSDEEP

    3072:6dS3TaTBi6I/TPDe3R2/8fDvDySHzDed:65i7TSB2abGSH

Malware Config

Extracted

Family

azorult

C2

http://l0h5.shop/CM341/index.php

Targets

    • Target

      ACCEPT_014STSY529093.PDF.exe

    • Size

      108KB

    • MD5

      996817a2a2c9afe0a459bd0cc9a68d74

    • SHA1

      23770e473ea88638874473b631602f437a799760

    • SHA256

      a50376b1375f041a534a74ea0cecd6429b4e26747059a4a4c72ef91bb04d7080

    • SHA512

      24a7cdcaf49b9d565da4df977b084f0b94c82f33f1dd80621e649040baa85565aef9cb147036674ec57f3586e3038cdafacbdb6724e61a651c168359deda1df1

    • SSDEEP

      3072:6dS3TaTBi6I/TPDe3R2/8fDvDySHzDed:65i7TSB2abGSH

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks