General
-
Target
FedEx Shipping Document.exe
-
Size
396KB
-
Sample
240817-je84vaxfkr
-
MD5
426a70b17444d7928e16d122e11a3da1
-
SHA1
320a7b6857baedfff5512e84569d8d4cc05dc6e0
-
SHA256
88da0443485279462c67050bb9973e9fed6a8fdffc6f2a46929eeb138d3e9000
-
SHA512
d4b215f52064b9016d313f2ad63be86a061324ee72a0257bd69776f72e99b60bddabdb6de1a655c432227fa5e957c3983c64b8052bd349a47abc884bc0d7cec6
-
SSDEEP
6144:vkAo1hecmm8UyucIXbPusaBPsz4KIIH5wXCvBmm8uYqh9kcc7V:4CcIE5oWwm8uYYSc
Malware Config
Extracted
azorult
http://l0h5.shop/CM341/index.php
Targets
-
-
Target
FedEx Shipping Document.exe
-
Size
396KB
-
MD5
426a70b17444d7928e16d122e11a3da1
-
SHA1
320a7b6857baedfff5512e84569d8d4cc05dc6e0
-
SHA256
88da0443485279462c67050bb9973e9fed6a8fdffc6f2a46929eeb138d3e9000
-
SHA512
d4b215f52064b9016d313f2ad63be86a061324ee72a0257bd69776f72e99b60bddabdb6de1a655c432227fa5e957c3983c64b8052bd349a47abc884bc0d7cec6
-
SSDEEP
6144:vkAo1hecmm8UyucIXbPusaBPsz4KIIH5wXCvBmm8uYqh9kcc7V:4CcIE5oWwm8uYYSc
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3