Overview

overview

10

Static

static

3

85f2c33bd2...d0.exe

windows7-x64

10

85f2c33bd2...d0.exe

windows10-2004-x64

8

$PLUGINSDI...ge.dll

windows7-x64

3

$PLUGINSDI...ge.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85f2c33bd270e95170ff8a249ff7c054ce2ad4044c41d6c9d989e7a914ac4cd0.exe

  • Size

    1.8MB

  • Sample

    240830-b2h7ya1cmd

  • MD5

    21ea616cf4f0df2053beae6f4c625213

  • SHA1

    5b2399a6b7b87f19604bb94a4ebb3bc364b618ce

  • SHA256

    85f2c33bd270e95170ff8a249ff7c054ce2ad4044c41d6c9d989e7a914ac4cd0

  • SHA512

    5db9def0e9e9e99ecb6e43047c11e31ea87b08ba0deff652e11c95629f45f8bd037b718d023a499660d5696f331d4bf8d90d7c733f4181cd285811419697c7ed

  • SSDEEP

    49152:A8jXGmnj2u/T6aFh4yHp3dWojuja2wZjyOeT:PrGqXxFhVHp3dHjd2EBeT

Score
10/10
azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      85f2c33bd270e95170ff8a249ff7c054ce2ad4044c41d6c9d989e7a914ac4cd0.exe

    • Size

      1.8MB

    • MD5

      21ea616cf4f0df2053beae6f4c625213

    • SHA1

      5b2399a6b7b87f19604bb94a4ebb3bc364b618ce

    • SHA256

      85f2c33bd270e95170ff8a249ff7c054ce2ad4044c41d6c9d989e7a914ac4cd0

    • SHA512

      5db9def0e9e9e99ecb6e43047c11e31ea87b08ba0deff652e11c95629f45f8bd037b718d023a499660d5696f331d4bf8d90d7c733f4181cd285811419697c7ed

    • SSDEEP

      49152:A8jXGmnj2u/T6aFh4yHp3dWojuja2wZjyOeT:PrGqXxFhVHp3dHjd2EBeT

    Score
    10/10
    azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/BgImage.dll

    • Size

      7KB

    • MD5

      2d5f40ddc34e9dc8f43b5bf1f61301e3

    • SHA1

      5ed3cd47affc4d55750e738581fce2b40158c825

    • SHA256

      785944e57e8e4971f46f84a07d82dee2ab4e14a68543d83bfe7be7d5cda83143

    • SHA512

      605cebcc480cb71ba8241782d89e030a5c01e1359accbde174cb6bdaf249167347ecb06e3781cb9b1cc4b465cef95f1663f0d9766ed84ebade87aa3970765b3e

    • SSDEEP

      96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkLnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmyLpmP

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      3cea4c9994912d8f3c3e8b6a814e810e

    • SHA1

      c48d34a0981d4ab576c7a3ab566f5ddb94af5d86

    • SHA256

      b2699fdfdab6a018fcc972806d12f71972de1861660bb6578935d62b1da06504

    • SHA512

      d317449f3c3115e279cff148c3e0bccc9b1d4ba82d1f85c0b99d7db657e85f752c0691d33f8024ada5850c993d0bdcbcc70b296b7cf33d7d14a67bc16ca3b4a3

    • SSDEEP

      96:o417lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4Lb8qndYv0PLE:oOl7wrLBn0REc0JxEdO0PLE

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks