Overview

overview

10

Static

static

1

Opgaveforlb.exe

windows7-x64

10

Opgaveforlb.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Opgaveforlb.exe

  • Size

    605KB

  • Sample

    240910-k5l8fawcpk

  • MD5

    b59ef60d3216aa6ace0a7f3a5410436b

  • SHA1

    8eea1ab92d68fc821e9d6d6eeb37ff5f07d7f1bb

  • SHA256

    468f0f730fe384bb0b6e88941bcdf91679da1c374ff272e2309ca4c123a848a7

  • SHA512

    6f7eb71c8f715effd1ef7dac582dbdaa6fcd95f831692ed239522ddb84da4d9026faf58954b81b4a40d5c0cb8c58c71b2446f049403222bc05cd68abc0957d07

  • SSDEEP

    12288:qBIJsQ8JMOMcV7tywhFMCE474goh+dod6uOCC/:TJsQZwoCl0n6wC/

Score
10/10
azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      Opgaveforlb.exe

    • Size

      605KB

    • MD5

      b59ef60d3216aa6ace0a7f3a5410436b

    • SHA1

      8eea1ab92d68fc821e9d6d6eeb37ff5f07d7f1bb

    • SHA256

      468f0f730fe384bb0b6e88941bcdf91679da1c374ff272e2309ca4c123a848a7

    • SHA512

      6f7eb71c8f715effd1ef7dac582dbdaa6fcd95f831692ed239522ddb84da4d9026faf58954b81b4a40d5c0cb8c58c71b2446f049403222bc05cd68abc0957d07

    • SSDEEP

      12288:qBIJsQ8JMOMcV7tywhFMCE474goh+dod6uOCC/:TJsQZwoCl0n6wC/

    Score
    10/10
    azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks