General
Target: RFQ#798606.exe
Size: 787KB
Sample: 210408-9rlmv2n8aj
MD5: d8aa806c85d4bad9e6fb6e19ebd61212
SHA1: 678d5dbb0bd3c98c5ef8b586ac0568b8c7918a5d
SHA256: 4d72b6760e58bf7971473e286fbb2e70af7d0238ac94cbf96805d260568ac112
SHA512: 8cb2ee9d78a9ed57e824127d501f29bfc3277696af6e23483604648a0c529ab7c81c556fdb19fd222e3a5d2201a8cd51d2615d6bdbc1055f119c610f2a418a3b
Static task: static1
Behavioral task: behavioral1
Sample: RFQ#798606.exe
Resource: win7v20201028
Malware Config
Extracted
azorult
http://45.56.119.148/index.php
Targets
Target: RFQ#798606.exe
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext