Extracted

• • Target

    7229eda7f70cf4048d377a97e470953853458f1635e9c426c042290fef14d979.exe

  • Size

    636KB

  • MD5

    2edd9a1371bf6e4c083f1e3994eef2ae

  • SHA1

    d9d065026f07524f633d13007c20a1ddd04b3f0d

  • SHA256

    7229eda7f70cf4048d377a97e470953853458f1635e9c426c042290fef14d979

  • SHA512

    872d5336554aa5bcee6c3cdef4d07d6565e61a0c2a9a7430dd8c43ef0055bbd0622b486a6779aebab2e04bd0ed8a0e192f96399a0aa401336ecdcea2f5ef30fa

  Score

  10^/10

  azorultdiscoveryinfostealerspywaretrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • JavaScript code in executable

  • Suspicious use of SetThreadContext

  behavioral1behavioral2