Overview

overview

10

Static

static

1

74d52b94db...a2.exe

windows7-x64

10

74d52b94db...a2.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    62eab9f468c6599a5a972c3fd1d5aaa4.bin

  • Size

    498KB

  • Sample

    240913-bp6sgawekr

  • MD5

    e8af194020c34e1400cf7d7576defcdf

  • SHA1

    2f1fd177a7973e9f86aa73580dcbdea40e8d4c33

  • SHA256

    aa2b4ce1c6e42241853ba06a96ed083065371067461c784075c0652569835eac

  • SHA512

    5ff2f4e8121df2507e904196d384aa6d389bf72c1264050c9837ff766af2c7834ec3117a6d9276e10f3802783f569be8f605a92f4a614dfa69abf49e09864b2c

  • SSDEEP

    12288:Y/wV6iszDqTh/aFU9wfuV+e/PPGnYsg7lJcZr:Ca6DDqT56e/POMGZr

Score
10/10
azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      74d52b94dbe44e83459e097ea1a1d22631a78bffa24ccf8ecc5492e9af9091a2.exe

    • Size

      583KB

    • MD5

      62eab9f468c6599a5a972c3fd1d5aaa4

    • SHA1

      3c8fcdfcc78ea26feb6a51542456fdc9891719cf

    • SHA256

      74d52b94dbe44e83459e097ea1a1d22631a78bffa24ccf8ecc5492e9af9091a2

    • SHA512

      2f05c63b93e3e2c7ef6e7fa7940aef02980520fc511b79f29aedb1b3aed69d5490d3b4d40bed9b5718794b3fa2e5ced85f5811a2666acf89fafac3439ebdb6c8

    • SSDEEP

      12288:TBIJsQZOIPSaJbib6+LBgIlfQORq6vzuOCCn:yJsQQIPS99gIlfQL+zwCn

    Score
    10/10
    azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks