General
-
Target
12104051Y0.r19
-
Size
251KB
-
Sample
210407-1fq7bteeza
-
MD5
fcb28bcb25d7b68ccdb7a7cd7184a725
-
SHA1
09f6a36efae85580b8265b9de1749c37fa11c32f
-
SHA256
88d85389a8bc58e0fa3ccb779d27f1335315defa9e9d2b6daf7efa36bd73497b
-
SHA512
29f5cb264c56bd0de9e13244af2fa463d4033f74af116c6739fb4bf09ff988fb3876c4209ba5ce532be05c61b92a1ad98f514d516f4e35ce204e17bacc11b71e
Malware Config
Extracted
azorult
http://bengalcement.com.bd/AxPu/index.php
Targets
-
-
Target
12104051Y0.exe
-
Size
367KB
-
MD5
825b7a085ae7207655bdd513e2c70a6b
-
SHA1
c57c0456d65d5fbb11c3356428d894e4de342161
-
SHA256
6a224b836950c4a18a5ecc67634a231418b62d9ef81b7fb6cf26dfba00d5c9d0
-
SHA512
bb416154836e2619ed54f72894901930ea1889e8a2d0fd0f020e6a4618918fb5f90db593b41fc180a6bd0560ac0e6f773a655927ad4d6930b15de67da0854c08
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-