Extracted

• • Target

    RNSM00331.7z

  • Size

    829KB

  • MD5

    7b31fb85873a3c577a52b0b57ba94432

  • SHA1

    c476494ddfa833612be0a4d6a8492bba08380994

  • SHA256

    1d5dce56b1bf8f92c234163db2d3338db08aa0a94acdbd6a9ec131ba1531b6ca

  • SHA512

    be6b0cb9fb54b536e246e9e944f1f5b988936de73abec380f2f14527b3c9abadbb6df3e8c96d1255e66af16494c0464179adc2699d092fcd297c31c581eb1ea3

  • SSDEEP

    24576:Qo2pvlAY6jcuObIc1SN2UiI+Ud5+DS9l8ROn:mpvlsYIcYN2FnUdQS9qROn

  Score

  10^/10

  azorultemotetaspackv2bankerdiscoveryinfostealerpersistenceransomwaretrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Azorult family

    azorult

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Emotet family

    emotet

  • Modifies WinLogon for persistence

    persistence

  • Renames multiple (93) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Drops startup file

  • Executes dropped EXE

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1