General
Target: 20200804-8293847pdf.scr.exe
Size: 43KB
Sample: 210407-k7crn5dh12
MD5: d91babad9bc3c5af48f71b5d26e7dd81
SHA1: 3a6e919d1d2de3085c261fdfb499d2bd411a8abf
SHA256: 23668413a1cff07de7c539ce9dee7468ef08ca0b25454d7407112793ff9bc86f
SHA512: e54fb83c4e81025f398057f46cbff6dd2b97fefca7ed8ec7f8ae343eeec156480a350d7a9d92f89da1b919199a7bea818c0bfc29c61d4614b8bac15c0a98ab0a
Static task
static1
Behavioral task
behavioral1
Sample
20200804-8293847pdf.scr.exe
Resource
win7v20201028
Malware Config
Extracted
azorult
http://milax.ml/damiano/index.php
Targets
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext