General
Target: SecuriteInfo.com.Trojan.InjectNET.14.29094.19259
Size: 750KB
Sample: 201106-f54stmfmgs
MD5: 5516ba90dc9a6978aaec99276ba4383c
SHA1: 16f1c63a7f768f31395f3b6567dbe76a562ef9e4
SHA256: 313aeafc8c5a3e9e04b4ae04339fd3e827392bdad7897ca2d146ed0f17572cf1
SHA512: 2f7914d1652dfa7f64e528380d752996c037e863e9394deefb26d5231c5fdbe43eeb5bdb440fcadf3f00b9c9c7175b492ebee2266903e8697c5232d3a56aaf3b
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.InjectNET.14.29094.19259.exe
Resource
win7v20201028
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
morasergiov.ac.ug
Targets
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-