General
- Target: IMG_767893434432.scr
- Size: 360KB
- Sample: 210407-y4zax1my52
- MD5: 641e970f32447644bd26570d3be688a1
- SHA1: fb4aac120c7d4543326e06f1438a570a62524b86
- SHA256: 2084b62c05ac13dfa48fde86f237473d35f3f169c030b829ceb49f3005b6451c
- SHA512: 6b89cb2faa64a2345a61792c5ac577b73aa11d9072185ab2f31a2b61a5c1d68784cf85d5702941ba5ef9c5bd8f82cb53113906a4e437cb7648e307d043904bbe
Static task: static1
Behavioral task: behavioral1
- Sample: IMG_767893434432.scr
- Resource: win7v20201028
Malware Config
Extracted
azorult
https://sterline.lt/lokk/32/index.php
Targets
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext