General
Target: Payment Advice.exe
Size: 311KB
Sample: 210408-12phjv3vdx
MD5: 050fe32dbac2a40f18acdc43a8f6a31a
SHA1: 25fcbceb5ada19e7637544ec5b6e2cd943bf169e
SHA256: eb7c92906b19491e5e670801cbcf189cf105f8e46a0e20c2bc8c7ab14cc1b9c7
SHA512: e97d1640a2ae33b585eae3079e95ea9c09cee2a57a338433a811986cbbe88cf2c14e04b9e4fff40ad98e7442b1dec9b940e590ca333cc3ed49a0a58cce0ae9a4
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Advice.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Payment Advice.exe
  Resource: win10v20201028
Malware Config
Extracted: azorult
  http://bengalcement.com.bd/AxPu/index.php
Targets
Target: Payment Advice.exe
Score: 10/10
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext