General
-
Target
c55fb052559ac157f5ea032c6fb9bcde099774aae466f206712e5c9c6da2e6bd.exe
-
Size
995KB
-
Sample
210108-x3jqepxads
-
MD5
4bf8fe02eb7e322bef254486723216be
-
SHA1
4a901979a02dff21521ec2844caa7dc34857a234
-
SHA256
c55fb052559ac157f5ea032c6fb9bcde099774aae466f206712e5c9c6da2e6bd
-
SHA512
0308e7be955361b0e558eee9937743c6ad2c5ab3ff44ff3675f8416b9cfb907f40cea0bc067934436a33b897d9e2f9c931a751ebcc9dfede918d5c88ea4e1e4e
Static task
static1
Behavioral task
behavioral1
Sample
c55fb052559ac157f5ea032c6fb9bcde099774aae466f206712e5c9c6da2e6bd.exe
Resource
win7v20201028
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
regay.ac.ug
Targets
-
-
Target
c55fb052559ac157f5ea032c6fb9bcde099774aae466f206712e5c9c6da2e6bd.exe
-
Size
995KB
-
MD5
4bf8fe02eb7e322bef254486723216be
-
SHA1
4a901979a02dff21521ec2844caa7dc34857a234
-
SHA256
c55fb052559ac157f5ea032c6fb9bcde099774aae466f206712e5c9c6da2e6bd
-
SHA512
0308e7be955361b0e558eee9937743c6ad2c5ab3ff44ff3675f8416b9cfb907f40cea0bc067934436a33b897d9e2f9c931a751ebcc9dfede918d5c88ea4e1e4e
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-