General
-
Target
5e76ff3a2c09d0d23c33ea120c80e84c72e0ef705b03c1106056399e620effa2
-
Size
656KB
-
Sample
201112-2nehwfgzyx
-
MD5
caef8427511572beb9943b7b7db02687
-
SHA1
0830dcb74594d043d2d23bca12377a92753fee7f
-
SHA256
5e76ff3a2c09d0d23c33ea120c80e84c72e0ef705b03c1106056399e620effa2
-
SHA512
eaa9ffd0e9ff9448efa20375858122d39a72b1d9ed91547403bb10a3d07284acba31a946c21196b7d9f6a526d0cce8019e094e9b39e06898ee8b2f778a5403ec
Static task
static1
Behavioral task
behavioral1
Sample
5e76ff3a2c09d0d23c33ea120c80e84c72e0ef705b03c1106056399e620effa2.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
5e76ff3a2c09d0d23c33ea120c80e84c72e0ef705b03c1106056399e620effa2.exe
Resource
win10v20201028
Malware Config
Extracted
azorult
http://tong-honq.com/azo/amon/index.php
Targets
-
-
Target
5e76ff3a2c09d0d23c33ea120c80e84c72e0ef705b03c1106056399e620effa2
-
Size
656KB
-
MD5
caef8427511572beb9943b7b7db02687
-
SHA1
0830dcb74594d043d2d23bca12377a92753fee7f
-
SHA256
5e76ff3a2c09d0d23c33ea120c80e84c72e0ef705b03c1106056399e620effa2
-
SHA512
eaa9ffd0e9ff9448efa20375858122d39a72b1d9ed91547403bb10a3d07284acba31a946c21196b7d9f6a526d0cce8019e094e9b39e06898ee8b2f778a5403ec
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-