General
Target: 6521927eec66631bc96aef3753b3dd7993b8ae9d84f139b5d284ed51fbc51c1d.exe
Size: 164KB
Sample: 210409-m53ynk9an6
MD5: 9a638658721672c8e94fd3749d178b3d
SHA1: 51ceaa20dd2d15043dd507141ec659223d0c495e
SHA256: 6521927eec66631bc96aef3753b3dd7993b8ae9d84f139b5d284ed51fbc51c1d
SHA512: 25c4018b7ad2421042dfa4a602eeb3429307c1110d29f8c60be8dda895ae10ac8080a5527370338a8a76cbefd874b2d74fa9fe16dede16f1720d88cb64ffbd6c

Static task: static1
Behavioral task: behavioral1
  Sample: 6521927eec66631bc96aef3753b3dd7993b8ae9d84f139b5d284ed51fbc51c1d.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 6521927eec66631bc96aef3753b3dd7993b8ae9d84f139b5d284ed51fbc51c1d.exe
  Resource: win10v20201028

Malware Config
Extracted
Family: azorult
URL: http://kbinsure-preview.ml/AZORult/index.php
Targets
Target: 6521927eec66631bc96aef3753b3dd7993b8ae9d84f139b5d284ed51fbc51c1d.exe (164KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext