General

  • Target

    PAYSLIP.tar

  • Size

    550KB

  • Sample

    240829-lk2ytsvbje

  • MD5

    bfbe72fb76b5d34c68bea4dabfadea31

  • SHA1

    4748abbbb6c20b8d1df880a18b7bba677f1430b7

  • SHA256

    2be4659aa287c67221d372294f8f79977e0fee05b402b930a3c9dbbc4b6e5520

  • SHA512

    fa375115f42aa564c5b3fb7381925c554d7c6dea4546fc83d2b7f982046e43df3e44ace7920e08fd2387de56d8f1618c5ab8691f9cec57941f02185e5b50fcfd

  • SSDEEP

    12288:PYOvbUw7VPIJ8r83QtLKRhXlMBAAGbmiQDwtF2C:PYA7F68F09lYGb/QDCF7

Malware Config

Targets

    • Target

      Opsamlingsvinduers.exe

    • Size

      636KB

    • MD5

      eb7e7f39eeee4f13a5a72d82853bd06b

    • SHA1

      94992cc1304f680b3572f9973a9b09d762bd8866

    • SHA256

      f440f5e5f5a755ab4a1eea5008d4b899af10e6067dc582c927c4792a918c1759

    • SHA512

      97498d7b2ba16ef15134260a163a6f054bb54b41b8f37001c95c9288c0bcf544467502586b362ce2bf9709d5bf72dd9f34f772de14050b2d2eb2ee2535baa772

    • SSDEEP

      12288:HOZpODCUvGYcAWrF7HESyrvMuO+hk2cWNMfimp6IB8RA/+LG6/:HCOqYs7kPrvDjNVIBR/uGU

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks