General
Target: 3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9.exe
Size: 662KB
Sample: 210120-3bm1qqwzmx
MD5: 06904ee5e04abada43cb86d7a0457b5e
SHA1: 749902ad199c0c1063ec0c0150db410f8579c54b
SHA256: 3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9
SHA512: cb79a70da1d32501ed647b69198804eb37774624910b97a600c0a07a0aacd54ca1eec6e42261e4df7f4590c746e573aae4ace775d21d22577d472cc31cdd5016
Static task: static1
Behavioral task: behavioral1
Sample: 3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9.exe
Resource: win10v20201028
Malware Config
Extracted (azorult): http://al-ifah.com/PL341/index.php
Targets
Target: 3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9.exe
Score: 10/10
Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext