General
Target: REQUEST FOR QUOTATION.bin.zip
Size: 388KB
Sample: 201105-bp6tzzsy5x
MD5: 410b169a3f9d4547065280cd45a0d90c
SHA1: 7f80d86b61ff6076cdee5dd7e1294a83593a1d04
SHA256: 91b2e78c154a57f1827c8cffb10217f450954fb70bf800a41730fc337d12d022
SHA512: 5e7880cec7ca2c40551bab2feb0f773942531f87e58754b3350301daa8fc2f1956004c5d62fde2f9d4c9de3a85deb7649f898584257ae0a849253cc095ad7619
Static task: static1
Behavioral task: behavioral1 (sample: REQUEST FOR QUOTATION.bin.exe, resource: win7v20201028)
Behavioral task: behavioral2 (sample: REQUEST FOR QUOTATION.bin.exe, resource: win10v20201028)
Malware Config
Extracted family: azorult
C2 URL: http://daa-hu.com/azzzzz/index.php
Targets
Target: REQUEST FOR QUOTATION.bin
Size: 583KB
MD5: e46e858d297e0aee0aad400b334d41c6
SHA1: 2f2382e23020fa788a5f65fbf2ffd71c91259de5
SHA256: 2eb7025d1bb7a0b2d5020313b699266d19c6be0e7087dbfcbcd861f310c7d35b
SHA512: bd8c9c1484c9df9435766bf5204e9b728d2101c69daafeb044f6162f31504e4c9f9a37850f9a6a2099ed7217f7a2f896eb0175133fa5687ae01291633a325dc3
Score: 10/10
Signatures
- Azorult: an information stealer first seen in 2016 that targets browsing history, saved passwords and similar credential material.
- Deletes itself
- Loads dropped DLL
- Reads data files stored by FTP clients: tries to access configuration files associated with programs such as FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers frequently target it.
- Reads user/profile data of web browsers: infostealers frequently target stored browser data, which can include saved credentials.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable
- Suspicious use of SetThreadContext: this API is commonly used to redirect a thread into injected code (for example in process hollowing), so it is a strong indicator of code injection when called by an untrusted process.
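As an added triage aid that is not part of the sandbox report, the following Python script shows how the behavioural signatures listed above can be reproduced from a sandbox event log, and how the report's extracted C2 URL and published hashes can be used as checks. The event lines, the `type|process|target` log format and the file paths in the log are constructed for this example; the hash values and the C2 URL are the ones in the report.

```python
"""Added example: reproduce the report's behavioural signatures from a sandbox
event log, and check the extracted C2 URL and published hashes.
Not part of the sandbox report; the event lines and paths below are constructed."""
import hashlib
import re
from collections import defaultdict

# Hashes the report publishes for the inner executable (REQUEST FOR QUOTATION.bin).
REPORTED_INNER = {
    "md5": "e46e858d297e0aee0aad400b334d41c6",
    "sha1": "2f2382e23020fa788a5f65fbf2ffd71c91259de5",
    "sha256": "2eb7025d1bb7a0b2d5020313b699266d19c6be0e7087dbfcbcd861f310c7d35b",
}
# C2 URL from the extracted azorult config in the report.
REPORTED_C2 = "http://daa-hu.com/azzzzz/index.php"

# Constructed event log in a hypothetical "<type>|<process>|<target>" format.
SAMPLE_EVENTS = r"""
file_open|REQUEST FOR QUOTATION.bin.exe|C:\Users\admin\AppData\Roaming\FileZilla\sitemanager.xml
file_open|REQUEST FOR QUOTATION.bin.exe|C:\Users\admin\AppData\Roaming\FileZilla\recentservers.xml
regkey_open|REQUEST FOR QUOTATION.bin.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
regkey_open|REQUEST FOR QUOTATION.bin.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
file_open|REQUEST FOR QUOTATION.bin.exe|C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
file_open|REQUEST FOR QUOTATION.bin.exe|C:\Users\admin\AppData\Roaming\Thunderbird\profiles.ini
file_open|REQUEST FOR QUOTATION.bin.exe|C:\Users\admin\AppData\Roaming\Electrum\wallets\default_wallet
api_call|REQUEST FOR QUOTATION.bin.exe|SetThreadContext
http_request|REQUEST FOR QUOTATION.bin.exe|http://daa-hu.com/azzzzz/index.php
process_create|REQUEST FOR QUOTATION.bin.exe|cmd.exe /c del "C:\Users\admin\Desktop\REQUEST FOR QUOTATION.bin.exe"
regkey_open|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""

# (signature name from the report, event type, regex on target, must refer to own image)
SIGNATURES = [
    ("Reads data files stored by FTP clients", "file_open",
     r"\\FileZilla\\(sitemanager|recentservers)\.xml$", False),
    ("Reads user/profile data of local email clients", "file_open",
     r"\\(Thunderbird|Microsoft\\Outlook)\\", False),
    ("Reads user/profile data of web browsers", "file_open",
     r"\\(Chrome|Mozilla\\Firefox)\\.*(Login Data|logins\.json|Cookies)$", False),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "file_open",
     r"\\(Electrum|Bitcoin|Ethereum)\\", False),
    ("Checks installed software on the system", "regkey_open",
     r"\\CurrentVersion\\Uninstall(\\|$)", False),
    ("Suspicious use of SetThreadContext", "api_call", r"^SetThreadContext$", False),
    # "Deletes itself" only fires when the deleted path names the calling process's own image.
    ("Deletes itself", "process_create", r"\bdel\b.*\.exe", True),
]


def parse_events(text):
    """Split the constructed log into (type, process, target) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        etype, proc, target = line.split("|", 2)
        events.append((etype, proc, target))
    return events


def match_signatures(events):
    """Return {signature name: [matching targets]} for every rule that fires."""
    hits = defaultdict(list)
    for name, etype, pattern, self_ref in SIGNATURES:
        rx = re.compile(pattern, re.IGNORECASE)
        for ev_type, proc, target in events:
            if ev_type != etype or not rx.search(target):
                continue
            if self_ref and proc.lower() not in target.lower():
                continue
            hits[name].append(target)
    return dict(hits)


def contacted_urls(events):
    """All URLs the sample requested, deduplicated and sorted."""
    return sorted({t for et, _, t in events if et == "http_request"})


def c2_contacted(events, c2_url=REPORTED_C2):
    """True if the report's extracted C2 URL appears in the network events."""
    return c2_url in contacted_urls(events)


def verify_sample(data, expected=REPORTED_INNER):
    """Compare each reported digest against the bytes you actually hold, so the
    IOCs above are only trusted for a file that really matches the report."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest.lower()
            for alg, digest in expected.items()}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for name, targets in match_signatures(evs).items():
        print(f"{name}: {len(targets)} event(s)")
    print("C2 contacted:", c2_contacted(evs))
```

The rules are deliberately narrow on the target field (a FileZilla XML, an Uninstall subkey, the process's own image path) rather than on the process name, so a benign process touching the same locations still shows up and can be reviewed; the "Deletes itself" rule is the one place a process/target relationship is required, because deleting some other executable is a different behaviour.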