Extracted

• • Target

    fe1b4c61d1b55965a4110b896daec0051ebca266c20c8f75d839e42b03587ec4.exe

  • Size

    837KB

  • MD5

    598ba912454b81e94bb0b68de4b0b874

  • SHA1

    dcd04b735be74b8110c69bb906e28ad3ef8e48bd

  • SHA256

    fe1b4c61d1b55965a4110b896daec0051ebca266c20c8f75d839e42b03587ec4

  • SHA512

    9b0ba1fdef45b07842d9a366517e31e902a24a616f573526d8ce4dc365c2d66afedab413d0de8618010a962b8a3d46df911e1e0a5d9cce13f56abd876e90b616

  Score

  10^/10

  azorultdiscoveryinfostealerspywaretrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • JavaScript code in executable

  • Suspicious use of SetThreadContext

  behavioral1behavioral2