General
- Target: 2233af88b1f14a01921806ef1c91df8a7686d898c03fb700144d0d6c2feb374b.exe
- Size: 164KB
- Sample: 210409-421bwra92a
- MD5: e321f0c21e0e4005887cce488b0fd2e0
- SHA1: 97e1ebc4b4a2ef188c31b61fcf4d35acadbdf8b3
- SHA256: 2233af88b1f14a01921806ef1c91df8a7686d898c03fb700144d0d6c2feb374b
- SHA512: 7b6d8c92249fb9d126a6c744a6195f2460b0d0412c7a4e4ffc77dff3a62c20df54721673138da0cdd22090c9b830d214c25169b2711e794924ee7ce95347e889
Static task: static1
Behavioral task: behavioral1
- Sample: 2233af88b1f14a01921806ef1c91df8a7686d898c03fb700144d0d6c2feb374b.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 2233af88b1f14a01921806ef1c91df8a7686d898c03fb700144d0d6c2feb374b.exe
- Resource: win10v20201028
Malware Config
Extracted
azorult
http://mbstechnology.redirectme.net/index.php
Targets
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext