General
-
Target
gunzipped
-
Size
585KB
-
Sample
201109-a4r3rrmmys
-
MD5
aa13abcbaf1697b198400cef3838565d
-
SHA1
ba6f2484092471309cdff846434986f0eb26cfa6
-
SHA256
980fb51b13fc0116ca06b8e5d8116569942b53eb4ae54c33b62e731f149cb136
-
SHA512
4f957f397c62cbc515ebb8ca9953d60ecceb800616922a3302cf1ca78b168a58dc6031b65110afd614d17650f2e99e320ee249163e22dadde150878b571f2769
Static task
static1
Behavioral task
behavioral1
Sample
gunzipped.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
gunzipped.exe
Resource
win10v20201028
Malware Config
Extracted
azorult
https://sofcoholidays.com/wp-includes/js/crop/az/index.php
Targets
-
-
Target
gunzipped
-
Size
585KB
-
MD5
aa13abcbaf1697b198400cef3838565d
-
SHA1
ba6f2484092471309cdff846434986f0eb26cfa6
-
SHA256
980fb51b13fc0116ca06b8e5d8116569942b53eb4ae54c33b62e731f149cb136
-
SHA512
4f957f397c62cbc515ebb8ca9953d60ecceb800616922a3302cf1ca78b168a58dc6031b65110afd614d17650f2e99e320ee249163e22dadde150878b571f2769
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-