Overview

overview

10

Static

static

3

Purchase o...on.exe

windows7-x64

10

Purchase o...on.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1c9cabadc6f185f2f0951a6e6fd0465d760b65f1496ee45fdbdb518752d942a

  • Size

    445KB

  • Sample

    250122-b4hn7askgj

  • MD5

    4f201f99838e502b985c45668595f79c

  • SHA1

    773961b9e72cd131939b08f2f13a95977407b8a9

  • SHA256

    e1c9cabadc6f185f2f0951a6e6fd0465d760b65f1496ee45fdbdb518752d942a

  • SHA512

    6bb0e56acb99be85ccd8d07354b18d64c1be6c202bdfc4c3ac89fa74eb6d4842646ec72a99b036925e9136bb8dfd6ff48f8c82fb8ade0833628632a45a8b29c3

  • SSDEEP

    12288:Pw6dwXd54CPlAdjGh9Q69NxlQzddZD6d55Nmxf:PNdwXdntAdjGh9Qel8LZs5naf

Score
10/10
azorultcollectioncredential_accessdiscoveryinfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

azorult

C2

https://b0l.ae/fra/az/index.php

Targets

    • Target

      Purchase order_ invoice confirmation.exe

    • Size

      625KB

    • MD5

      888b78f962190563e7697b616f873764

    • SHA1

      ee24327900875f0d35b2e11144d36e4ee1a91fdc

    • SHA256

      0e2ba1030dfacd7a4a43a79fde62312c2ce9bd18b0c37207099fc7271b99a1d8

    • SHA512

      3b91672b2ea54e6fd72e568879daebb2b7192a3598614fae009f452a03ebaf9b8d08ede76a69133af0bfdd8e7d0ee7b18d988965d1063846f9253ba4902420bd

    • SSDEEP

      12288:4kiCPnAdfah9q6RNxBQBcmBbiZbIvlZx:4ifAdfah9qgBQcwiUf

    Score
    10/10
    azorultdiscoveryinfostealerpersistencetrojancollectioncredential_accessspywarestealer

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Azorult family

      azorult

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks