General
-
Target
2a3b95333b3713ab5478bcb3dc1bbdddc63857a526b8a52ba84a56050d45c723.exe
-
Size
666KB
-
Sample
210111-ka5gkyf2f6
-
MD5
b2b35149d5a5631cd8d49676c2d81fdd
-
SHA1
e2715538c35f8c1c6092354b46828698664f0af9
-
SHA256
2a3b95333b3713ab5478bcb3dc1bbdddc63857a526b8a52ba84a56050d45c723
-
SHA512
7f2746bfba5ea189d5a8f68ba706fd414e53a9bf1a3a494a31835006cee3400bd447ccf0b984e9bc467c7f464fcf3f96c94b28f3d7523939124ecb8c3e171ec8
Malware Config
Extracted
azorult
http://al-ifah.com/PL342/index.php
Targets
-
-
Target
2a3b95333b3713ab5478bcb3dc1bbdddc63857a526b8a52ba84a56050d45c723.exe
-
Size
666KB
-
MD5
b2b35149d5a5631cd8d49676c2d81fdd
-
SHA1
e2715538c35f8c1c6092354b46828698664f0af9
-
SHA256
2a3b95333b3713ab5478bcb3dc1bbdddc63857a526b8a52ba84a56050d45c723
-
SHA512
7f2746bfba5ea189d5a8f68ba706fd414e53a9bf1a3a494a31835006cee3400bd447ccf0b984e9bc467c7f464fcf3f96c94b28f3d7523939124ecb8c3e171ec8
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-
Suspicious use of SetThreadContext
-