General
- Target: PI.exe
- Size: 339KB
- Sample: 200630-bf1s459nes
- MD5: e9b130e7262d0aafa2c0ba84d28539dd
- SHA1: 5e799f43441bd288094370b03bdfa554eafb6324
- SHA256: dd668abafa9cbdf937e710f2e2e7f6228ca99c7a226b507d43f887c03dff8509
- SHA512: 7e934097fbd3e1500c7810794c1fda4267aa64d70197d0623c6dca5f2e91d67960d5e11ec87cfa853c457b5342eebb4d7fc98d5892efd7ad239a32211f0322b5
Static task: static1
Behavioral task: behavioral1 (Sample: PI.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: PI.exe, Resource: win10v200430)
Malware Config
- Extracted family: azorult
- Extracted URL: http://45.95.168.162/city/index.php
Targets
- Target: PI.exe
- Size: 339KB
- MD5: e9b130e7262d0aafa2c0ba84d28539dd
- SHA1: 5e799f43441bd288094370b03bdfa554eafb6324
- SHA256: dd668abafa9cbdf937e710f2e2e7f6228ca99c7a226b507d43f887c03dff8509
- SHA512: 7e934097fbd3e1500c7810794c1fda4267aa64d70197d0623c6dca5f2e91d67960d5e11ec87cfa853c457b5342eebb4d7fc98d5892efd7ad239a32211f0322b5
- Score: 10/10

Signatures
- Azorult: an information stealer first discovered in 2016, targeting browsing history and passwords.
- Loads dropped DLL
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Checks for installed software on the system
- Suspicious use of SetThreadContext