General
Target: 3f1a2ab1e63458d3c75ded4c3f4d47c5.exe
Size: 2.0MB
Sample: 201004-zk73d4dxke
MD5: 3f1a2ab1e63458d3c75ded4c3f4d47c5
SHA1: 10d187b94b082e33513030ac825de250eec0dd5a
SHA256: 61198dcb525d78061585053ddc30e99ca70842899622e333eb64d3b68ee7a167
SHA512: 1fcc78d47e7527c50ad83c5dee4310dea72f9f5f95c759b59f921adc4cf113fcce8aab69642dfbb6013f5e9d1b5996a36ba8fc5f866f22ed34f4305e3d512c45
Static task: static1
Behavioral task: behavioral1
Sample: 3f1a2ab1e63458d3c75ded4c3f4d47c5.exe
Resource: win7
Malware Config
Extracted: azorult
  http://195.245.112.115/index.php
Extracted: raccoon
  72a49aa9fe2bba34809c9123d222cef121eb3d38
  url4cnc: https://telete.in/brikitiki
Extracted: oski
  malarcvgs.ac.ug
Extracted: asyncrat
  0.5.7B
  masonp.ac.ug:6970
  marcapalgo.ug:6970
  AsyncMutex_6SI8OkPnk
  aes_key: 8mYi28y4mrIIgAY4z5LziR6M66VfapOc
  anti_detection: false
  autorun: false
  bdos: false
  delay: Default
  host: masonp.ac.ug,marcapalgo.ug
  hwid: 3
  install_file:
  install_folder: %AppData%
  mutex: AsyncMutex_6SI8OkPnk
  pastebin_config: null
  port: 6970
  version: 0.5.7B
Targets
Target: 3f1a2ab1e63458d3c75ded4c3f4d47c5.exe
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Contains code to disable Windows Defender: A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Async RAT payload
- ModiLoader Second Stage
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext