General
Target: EF9CD60A0EAFF97739F93B74525150DA.exe
Size: 112KB
Sample: 210325-rfb1r9gnba
MD5: ef9cd60a0eaff97739f93b74525150da
SHA1: 8669815a5c44a34628b525a805b3523d067fe200
SHA256: 2d25d136b12c900209489988b87ec94520c0734f4f31d4497fa47dfefc551bb4
SHA512: 1aa3d37ddf8dff3688497b2b04bc94055f0292830066e774dfda11c9f32b904096fbd8e55c0c30ea33008d6a52d1c18a3bdba537581e7d9d7783e8179da5b9e8
Static task: static1
Behavioral task: behavioral1
Sample: EF9CD60A0EAFF97739F93B74525150DA.exe
Resource: win7v20201028

Malware Config
Extracted: azorult
http://195.245.112.115/index.php
Targets
Target: EF9CD60A0EAFF97739F93B74525150DA.exe
Size: 112KB
MD5: ef9cd60a0eaff97739f93b74525150da
SHA1: 8669815a5c44a34628b525a805b3523d067fe200
SHA256: 2d25d136b12c900209489988b87ec94520c0734f4f31d4497fa47dfefc551bb4
SHA512: 1aa3d37ddf8dff3688497b2b04bc94055f0292830066e774dfda11c9f32b904096fbd8e55c0c30ea33008d6a52d1c18a3bdba537581e7d9d7783e8179da5b9e8

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.