General
-
Target
MTIR20283256_2101013335_20200507083759.exe
-
Size
991KB
-
Sample
201109-2z6zwvstns
-
MD5
24c3c3e947e5d29f8de2f545baaaec8e
-
SHA1
6fb52f0f5fec4a0699903f3777c331acd8c9c044
-
SHA256
84783d501b78575f30aa33097f9c7c885542b892512403424fc069b048189e98
-
SHA512
483ea766f3d4591ff164974f6d7c71633e192a9cbd70cb1f00e8364934c5c8bca6e8a6d43995170bb3d0eefdec9ab0eb8e3dd984ae54b8cc056759cea5e51e41
Malware Config
Extracted
azorult
http://ensaenerji.com/mep/index.php
Targets
-
-
Target
MTIR20283256_2101013335_20200507083759.exe
-
Size
991KB
-
MD5
24c3c3e947e5d29f8de2f545baaaec8e
-
SHA1
6fb52f0f5fec4a0699903f3777c331acd8c9c044
-
SHA256
84783d501b78575f30aa33097f9c7c885542b892512403424fc069b048189e98
-
SHA512
483ea766f3d4591ff164974f6d7c71633e192a9cbd70cb1f00e8364934c5c8bca6e8a6d43995170bb3d0eefdec9ab0eb8e3dd984ae54b8cc056759cea5e51e41
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-