General
-
Target
f9797b9742a7a1f8cde3934de550ce3d828b402c60444f4062b7e3709e489c42.exe
-
Size
315KB
-
Sample
200529-m33z2b5jba
-
MD5
d52f9501a7bba06b6ec605bd25044f89
-
SHA1
f51f86539252f0f0365188d2292087abc57d835e
-
SHA256
f9797b9742a7a1f8cde3934de550ce3d828b402c60444f4062b7e3709e489c42
-
SHA512
212d6244575384eecbbb469461d3967ada27248651901cbcd269f6e3fbcb54d3cf53ce5d7f12bd407f8bf347760c9310511a3d99e20e1971fce221c788a57ac1
Malware Config
Extracted
azorult
https://authsw.ir/tews/jst/index.php
Targets
-
-
Target
f9797b9742a7a1f8cde3934de550ce3d828b402c60444f4062b7e3709e489c42.exe
-
Size
315KB
-
MD5
d52f9501a7bba06b6ec605bd25044f89
-
SHA1
f51f86539252f0f0365188d2292087abc57d835e
-
SHA256
f9797b9742a7a1f8cde3934de550ce3d828b402c60444f4062b7e3709e489c42
-
SHA512
212d6244575384eecbbb469461d3967ada27248651901cbcd269f6e3fbcb54d3cf53ce5d7f12bd407f8bf347760c9310511a3d99e20e1971fce221c788a57ac1
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Adds Run entry to start application
-
Modifies system certificate store
-
Suspicious use of SetThreadContext
-