Overview

overview

10

Static

static

1

cb299d64a1...98.exe

windows7-x64

10

cb299d64a1...98.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb299d64a1dd6aba4df3ffad101b457631e1bed26d3c2641e24dbcbf997e8198.exe

  • Size

    590KB

  • Sample

    240912-ccyf1avgmj

  • MD5

    aebe5d9f0660fda82bf33bf77d83fec6

  • SHA1

    3af47a8f25b82c72956d40dd1562007557a7ba13

  • SHA256

    cb299d64a1dd6aba4df3ffad101b457631e1bed26d3c2641e24dbcbf997e8198

  • SHA512

    57d805b578bf552edfeadad9ae8f7c918fb6088f60e40bae96ed16733f392769b0d5546f0078435ac0888de41c20caf7bb0e2d7f74750a73e1615632cdc1ff8b

  • SSDEEP

    12288:jBIJsQVQSt1CTpyH/Co5gYZBFbSn/ODuOCCF:CJsQV9QmCKgGZwCF

Score
10/10
azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      cb299d64a1dd6aba4df3ffad101b457631e1bed26d3c2641e24dbcbf997e8198.exe

    • Size

      590KB

    • MD5

      aebe5d9f0660fda82bf33bf77d83fec6

    • SHA1

      3af47a8f25b82c72956d40dd1562007557a7ba13

    • SHA256

      cb299d64a1dd6aba4df3ffad101b457631e1bed26d3c2641e24dbcbf997e8198

    • SHA512

      57d805b578bf552edfeadad9ae8f7c918fb6088f60e40bae96ed16733f392769b0d5546f0078435ac0888de41c20caf7bb0e2d7f74750a73e1615632cdc1ff8b

    • SSDEEP

      12288:jBIJsQVQSt1CTpyH/Co5gYZBFbSn/ODuOCCF:CJsQV9QmCKgGZwCF

    Score
    10/10
    azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks