General
Target: Confirmarea platii.pdf.exe
Size: 631KB
Sample: 210408-1msd25gbke
MD5: a9461a422b9a1cdfdac11f37824f8b16
SHA1: dcbdb76dbed4aa2f5881fe363306cdedb364b378
SHA256: fe74f2726a9eeca44293fa7e9ad023ff0765a4474525bd834a379e21d2bc281e
SHA512: 510817471a9f7fd2d4d1dbdbf0115a4b788654ecc38b59424154ebe02eaebc1362e82e9d3f05181dcfefac0eca3e5888f8c10715f54658b259e07802338c9b0f
Static task: static1
Behavioral task: behavioral1
Sample: Confirmarea platii.pdf.exe
Resource: win7v20201028
Malware Config
Extracted
azorult
http://alfawood.us/mkdgs/index.php
Targets
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-