General
-
Target
c19d08a27c982cf37e84b3fdd48df4d6da2edcdfcbaa9cd4676ef52b5501b0b2.tar
-
Size
397KB
-
Sample
240814-q7gcvswaqa
-
MD5
8f62e4ae2faa71937dc10b80b8dbbc4e
-
SHA1
ee128f0b3b3e454ff5ca7970cd26db48a77974f0
-
SHA256
c19d08a27c982cf37e84b3fdd48df4d6da2edcdfcbaa9cd4676ef52b5501b0b2
-
SHA512
b9667f3d8599afd256e95ddcde73203cc9e47191d61462abed5bc6f7b052bc8f60f1f8f71e2d1b1652fb217ab9ebc043015d20937f47ac7fe132229b140ebb44
-
SSDEEP
6144:bkAo1hecmm8UyucIXbPusaBPsz4KIIH5wXCvBmm8uYqh9kcc7V:MCcIE5oWwm8uYYSc
Malware Config
Extracted
azorult
http://l0h5.shop/CM341/index.php
Targets
-
-
Target
FedEx Shipping Document.exe
-
Size
396KB
-
MD5
426a70b17444d7928e16d122e11a3da1
-
SHA1
320a7b6857baedfff5512e84569d8d4cc05dc6e0
-
SHA256
88da0443485279462c67050bb9973e9fed6a8fdffc6f2a46929eeb138d3e9000
-
SHA512
d4b215f52064b9016d313f2ad63be86a061324ee72a0257bd69776f72e99b60bddabdb6de1a655c432227fa5e957c3983c64b8052bd349a47abc884bc0d7cec6
-
SSDEEP
6144:vkAo1hecmm8UyucIXbPusaBPsz4KIIH5wXCvBmm8uYqh9kcc7V:4CcIE5oWwm8uYYSc
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3