General
- Target: 200303-9d7lv2sqve_pw_infected.zip
- Size: 2.8MB
- Sample: 201123-ztvclwj7dx
- MD5: f40b7564a4d2e78157396342c2266260
- SHA1: d02fd117a7cf5b72fe458a425682a92030c2bc7c
- SHA256: b536109b12ec8997266a6c403c538ebbe5fcb6f148920cd3441d777585d6a2ff
- SHA512: bec212a51a7f36f293568052c3b11f11502a81dc9ae02b014b32efcb5f6dfba9a13fab9472f7fa5da989975d374ac72a617f7e85ce5a62d73f4e34dbc5e78ecb
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: Corona-virus-Map.com.bin.exe
- Resource: win7v20201028

Malware Config
- Extracted: azorult
- URL: http://coronavirusstatus.space/index.php
Targets
- Target: Corona-virus-Map.com.bin
- Size: 3.3MB
- MD5: 73da2c02c6f8bfd4662dc84820dcd983
- SHA1: 949b69bf87515ad8945ce9a79f68f8b788c0ae39
- SHA256: 2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307
- SHA512: 43daa65bc057abc5e07b909eb71361c8488863c7c8a4a271b426b06cb8c16d3f7db8e66051627a50d392ff088cd619e00a7ac075454dccf901a4271251c9c6e3
Signatures
- Azorult
  An information stealer first discovered in 2016, targeting browsing history and passwords.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory