General
Target: TRF556.r19
Size: 140KB
Sample: 210407-b8kz1k438a
MD5: e5a4b3f7b6aa1dd46d1ba0ebda16b1b2
SHA1: 8d7c72fc42ad866a1e71704443e386dba3b7a114
SHA256: d50c0940cc8fbd9191605300ba3d46b37fca50e66bae3e498f8db1d69765c324
SHA512: 8e7c2c8f1a3e2d815bfbd23ff91fa466fe74e3a8709407e4361d84ef5825acec1a314ec0bd97d65c1ca62386db855557e9a2a93c45e915c7a1fa7d73b3a31410
Static task: static1
Behavioral task: behavioral1
Sample: TRF556.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: TRF556.exe
Resource: win10v20201028
Malware Config
Extracted
azorult
http://staging.onyxa.pl/XyuTr/index.php
Targets
Target: TRF556.exe
Size: 151KB
MD5: 176a4c87caf897d3f61d61982d15cc3f
SHA1: ae7929d20aa539f2cb335da583e65c34ebc8570e
SHA256: e1cd2c612de575de87de7747c4efe1235d5e5011beb913666ed449031fcf98da
SHA512: feef09d6755d95def859dbd48624305ea4bc1b7574d1c5f177376d683bbb65618938a098ae70a4f0acd4619b96d17d7f52040796a250d329a5c3c171fa55a66b
Score: 10/10
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Loads dropped DLL
Suspicious use of SetThreadContext