General

Target: Copy of SN po_1100111010.r10
Size: 232KB
Sample: 210415-gvv9mtxbg6
MD5: 3937caf54bcc1b10dfa2c0c8fa323ebd
SHA1: 18fb9a5feb578b61e57041bce5b3f6ddbe1e1143
SHA256: 8aab7c82bd2fdb732deaa0a13703fd525820af323b38a48787a266bd41963f91
SHA512: 215ac4a518f42f6883c281bf227ef9a4aa8d654b261216e0a9d3e93f35f8d8b6e4d06d772cb9562691665c04b0dc24b1af17661e63539bd98308d44d41b51923

Static task: static1
Behavioral task: behavioral1
  Sample: Copy of SN po_1100111010.exe
  Resource: win7v20210408

Malware Config

Extracted: oski
  45.144.225.118
Extracted: azorult
  http://lexusbiscuit.com/OiuBn/index.php

Targets

Target: Copy of SN po_1100111010.exe
Size: 246KB
MD5: 3b6e9a0e999ec5d9bc5c54ae54048c52
SHA1: f146a15efc6ec066455068a3e4d5b36b1ef2a567
SHA256: c4553e1a62dfc26ae2dd5914a6fb8ea3a7f5ecb7cbb9ca5668dd6024328e9b6c
SHA512: 97c5e1bef7e8df3474efaa60937a80f91f717494f260354c207c6a026c2d28a5db833575232973296a61be75487523e85139cc322cd85c86294f95035233d765

Signatures

- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting another thread's context is the step a loader uses to point a suspended process at injected code (process hollowing), which is consistent with the dropped-EXE and dropped-DLL hits above.
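Added example, not part of the sandbox report or of its tooling: a small Python helper that loads the hashes and the extracted network indicators listed above and uses them for two triage tasks, identifying a suspect file by any of the four listed digests and flagging proxy, DNS or firewall log lines that touch the oski IP or the azorult URL/host. The log lines inside it are constructed for illustration, the 10.0.0.0/8 addresses are placeholders, and since the report lists the indicators without ports, none is assumed.

```python
"""Triage helper built from the indicators in the report above.

Added example (not report tooling). Log lines are constructed; 10.x addresses
are placeholders.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File hashes listed in the report: the submitted archive and the PE it held.
TARGET_HASHES = {
    "Copy of SN po_1100111010.r10": {
        "md5": "3937caf54bcc1b10dfa2c0c8fa323ebd",
        "sha1": "18fb9a5feb578b61e57041bce5b3f6ddbe1e1143",
        "sha256": "8aab7c82bd2fdb732deaa0a13703fd525820af323b38a48787a266bd41963f91",
        "sha512": "215ac4a518f42f6883c281bf227ef9a4aa8d654b261216e0a9d3e93f35f8d8b6e4d06d772cb9562691665c04b0dc24b1af17661e63539bd98308d44d41b51923",
    },
    "Copy of SN po_1100111010.exe": {
        "md5": "3b6e9a0e999ec5d9bc5c54ae54048c52",
        "sha1": "f146a15efc6ec066455068a3e4d5b36b1ef2a567",
        "sha256": "c4553e1a62dfc26ae2dd5914a6fb8ea3a7f5ecb7cbb9ca5668dd6024328e9b6c",
        "sha512": "97c5e1bef7e8df3474efaa60937a80f91f717494f260354c207c6a026c2d28a5db833575232973296a61be75487523e85139cc322cd85c86294f95035233d765",
    },
}

# Network indicators from the extracted malware configs, keyed by family.
CONFIG_INDICATORS = {
    "oski": ["45.144.225.118"],
    "azorult": ["http://lexusbiscuit.com/OiuBn/index.php"],
}

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, in one pass over the bytes."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {n: h.hexdigest() for n, h in hashers.items()}


def lookup_hash(digest: str):
    """Return the report target whose hash equals digest, else None.

    The algorithm is inferred from the digest length, so a SHA1 pasted from a
    ticket and a SHA256 from a mail gateway both work; case is ignored.
    """
    digest = digest.strip().lower()
    algo = HASH_LENGTHS.get(len(digest))
    if algo is None:
        raise ValueError(f"unrecognised digest length {len(digest)}")
    for target, hashes in TARGET_HASHES.items():
        if hashes[algo] == digest:
            return target
    return None


def identify_file(data: bytes):
    """Hash raw file bytes and look the SHA256 up against the report."""
    return lookup_hash(file_hashes(data)["sha256"])


def _patterns():
    """Build (family, indicator, regex) triples, most specific first.

    A URL is matched literally and its host also on its own, so DNS logs that
    never see the path still hit; a leading '.' is allowed so subdomains match.
    IPs are bounded so 45.144.225.118 does not match 45.144.225.1181.
    """
    out = []
    for family, indicators in CONFIG_INDICATORS.items():
        for ind in indicators:
            if ind.startswith(("http://", "https://")):
                host = urlsplit(ind).hostname
                out.append((family, ind, re.compile(re.escape(ind))))
                out.append((family, host,
                            re.compile(r"(?<![\w-])" + re.escape(host) + r"(?![\w-])")))
            else:
                out.append((family, ind,
                            re.compile(r"(?<![\d.])" + re.escape(ind) + r"(?![\d.])")))
    return out


PATTERNS = _patterns()


def scan_log(lines):
    """Return (line_number, family, indicator) per line that hits an indicator.

    One hit per line, first (most specific) pattern wins, so a proxy line with
    the full azorult URL is reported as the URL rather than only the host.
    """
    hits = []
    for n, line in enumerate(lines, start=1):
        for family, indicator, rx in PATTERNS:
            if rx.search(line):
                hits.append((n, family, indicator))
                break
    return hits


# Constructed sample log (not from the report).
SAMPLE_LOG = [
    "2021-04-15T10:22:31Z proxy src=10.0.0.15 GET http://lexusbiscuit.com/OiuBn/index.php 200",
    "2021-04-15T10:22:35Z dns src=10.0.0.15 query=lexusbiscuit.com type=A",
    "2021-04-15T10:23:01Z fw allow src=10.0.0.15 dst=45.144.225.118 proto=tcp",
    "2021-04-15T10:23:07Z proxy src=10.0.0.21 GET http://example.org/ 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

To check a real file, call identify_file(open(path, "rb").read()); a SHA256 hit means the exact sample, while a miss says nothing about a repacked variant, which is why the config indicators are the more durable pivot for hunting.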