Overview

overview

10

Static

static

1

cb299d64a1...98.exe

windows7-x64

10

cb299d64a1...98.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aebe5d9f0660fda82bf33bf77d83fec6.bin

  • Size

    504KB

  • Sample

    240913-b3hmssxgka

  • MD5

    a132ea5a878f4ab96f60d4a894788f90

  • SHA1

    ffd4ea1105f54ff29a6c3507ef65b328a92245e1

  • SHA256

    2dcce7ddad3fc6a01e93776e72308b186a0bc57cfc779c6f3d24f9fa9a499ec2

  • SHA512

    82a3ef9ef7adddc92fc01697b0769da514fb321ab8af933fad455f3fb2176ccffa45fa4207609611175c1e58c8c79eaaf183caa0ff65bf05d2cdfc7f35206c53

  • SSDEEP

    12288:UmJxHeHhZ0hL5q9qULaJjiBOGVRGa+rUG+gC:UmXHyn0hL89igaaF

Score
10/10
azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      cb299d64a1dd6aba4df3ffad101b457631e1bed26d3c2641e24dbcbf997e8198.exe

    • Size

      590KB

    • MD5

      aebe5d9f0660fda82bf33bf77d83fec6

    • SHA1

      3af47a8f25b82c72956d40dd1562007557a7ba13

    • SHA256

      cb299d64a1dd6aba4df3ffad101b457631e1bed26d3c2641e24dbcbf997e8198

    • SHA512

      57d805b578bf552edfeadad9ae8f7c918fb6088f60e40bae96ed16733f392769b0d5546f0078435ac0888de41c20caf7bb0e2d7f74750a73e1615632cdc1ff8b

    • SSDEEP

      12288:jBIJsQVQSt1CTpyH/Co5gYZBFbSn/ODuOCCF:CJsQV9QmCKgGZwCF

    Score
    10/10
    azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks