General

  • Target

    PO#940894.exe

  • Size

    613KB

  • Sample

    240910-mzjapszgnk

  • MD5

    ed74af816d3d992bb737a5c618edeb40

  • SHA1

    88fa10ff069ca50565409920b0bc8faa8f22f72c

  • SHA256

    9624383d6ceb24015deaeac4576a474da6dc0c676d66e15dd11ec65429335bf8

  • SHA512

    38bb1cbc7b4af36325ea4f4a5426ec1a973c022b593188a7ca37330691145bb2eca052f2ef6bc34e162ee7b802e4a0e96e9d13fc813e7f6a2a4b4c62bdf9a020

  • SSDEEP

    12288:8BIJsQw0Rxx/sK2NVf8hBScYtaHQVkUlsJpuOCCT:tJsQwix5sK2/fbcYUwV1MpwCT

Malware Config

Targets

    • Target

      PO#940894.exe

    • Size

      613KB

    • MD5

      ed74af816d3d992bb737a5c618edeb40

    • SHA1

      88fa10ff069ca50565409920b0bc8faa8f22f72c

    • SHA256

      9624383d6ceb24015deaeac4576a474da6dc0c676d66e15dd11ec65429335bf8

    • SHA512

      38bb1cbc7b4af36325ea4f4a5426ec1a973c022b593188a7ca37330691145bb2eca052f2ef6bc34e162ee7b802e4a0e96e9d13fc813e7f6a2a4b4c62bdf9a020

    • SSDEEP

      12288:8BIJsQw0Rxx/sK2NVf8hBScYtaHQVkUlsJpuOCCT:tJsQwix5sK2/fbcYUwV1MpwCT

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks