General
Target: SKM_C258 Up21042213080.exe
Size: 245KB
Sample: 210422-6jdjc2c29x
MD5: 4b307765c72ab613ab271134f9f2a818
SHA1: 7c16e65a70d92c7a633990c772242a5069b79423
SHA256: a2941f7a8317fef14fd8297468e6dab4f2fb3dec806871dbd4cb7f9c7ade5b4e
SHA512: 177f17e4447291f16ab4b174ada22ee214bd67c6df57f04e8dd464c86c6fec0cde27b68066fcae8ec4ee62e9b61ad8b5f331bd1e564315eb5e8341391a30588b
Static task: static1
Behavioral task: behavioral1
Sample: SKM_C258 Up21042213080.exe
Resource: win7v20210410
Malware Config
Extracted, family oski: 45.144.225.118
Extracted, family azorult: http://lexusbiscuit.com/OiuBn/index.php
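As an added example (not part of the sandbox report or of any vendor's tooling), the Python below sweeps a web-proxy log for the two network indicators extracted above. The indicator values are the report's; the log lines, their five-column layout, the client addresses and the idea that the oski IP is reached over plain HTTP are all constructed for the demo. Hostnames are compared exactly rather than by substring, so a constructed look-alike such as notlexusbiscuit.com does not match, and a hit on the full Azorult gate URL is reported separately from a hit on the host alone.

```python
"""Sweep a web-proxy log for the network indicators extracted in this report.

Added example, not part of the sandbox report or of any vendor tooling.
Indicator values come from the report's "Malware Config" section; the log
lines and their column layout are constructed for the demo.
"""
import re
from urllib.parse import urlparse

# Indicators from the report: the oski config carries a bare IP, the azorult
# config a full gate URL. Hosts are matched exactly, never by substring.
INDICATORS = {
    "oski": {
        "hosts": {"45.144.225.118"},
        "urls": set(),
    },
    "azorult": {
        "hosts": {"lexusbiscuit.com"},
        "urls": {"http://lexusbiscuit.com/OiuBn/index.php"},
    },
}

# Constructed proxy log (not from the report):
# "<utc timestamp> <client> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2021-04-22T13:08:55Z 10.0.0.15 GET http://www.example.com/ 200
2021-04-22T13:09:01Z 10.0.0.15 POST http://lexusbiscuit.com/OiuBn/index.php 200
2021-04-22T13:09:03Z 10.0.0.15 GET http://LEXUSBISCUIT.COM:80/OiuBn/other.php 404
2021-04-22T13:09:07Z 10.0.0.15 POST http://45.144.225.118/ 200
2021-04-22T13:09:09Z 10.0.0.22 GET http://lexusbiscuit.com.example.net/ 200
2021-04-22T13:09:10Z 10.0.0.22 GET http://notlexusbiscuit.com/OiuBn/index.php 200
this line is malformed and must not abort the sweep
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def normalize_url(url: str) -> str:
    """Lower-case scheme and host, drop port and query, so equivalent URLs compare equal."""
    p = urlparse(url)
    return f"{p.scheme.lower()}://{(p.hostname or '').lower()}{p.path or '/'}"


def classify(url: str):
    """Return (family, 'url' | 'host') if *url* hits an indicator, else None."""
    host = (urlparse(url).hostname or "").lower()
    norm = normalize_url(url)
    for family, ind in INDICATORS.items():
        if norm in {normalize_url(u) for u in ind["urls"]}:
            return family, "url"   # full gate URL: high confidence
        if host in ind["hosts"]:
            return family, "host"  # same host, different path: still worth triage
    return None


def sweep(log_text: str):
    """Parse the proxy log and return one record per line that hits an indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole sweep
        ts, client, method, url, status = m.groups()
        hit = classify(url)
        if hit:
            family, level = hit
            hits.append({"line": lineno, "time": ts, "client": client, "family": family,
                         "match": level, "method": method, "url": url})
    return hits


if __name__ == "__main__":
    for h in sweep(SAMPLE_PROXY_LOG):
        print(f"line {h['line']}: {h['client']} -> {h['family']} ({h['match']} match) "
              f"{h['method']} {h['url']}")
```

Running the script prints three hits: the Azorult gate URL, a second request to the same host with a different path, and the POST to the oski IP. The two look-alike hostnames and the malformed line produce nothing.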
Targets
Target: SKM_C258 Up21042213080.exe
Signatures
- Azorult: an information stealer first discovered in 2016 that targets browsing history and passwords.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: setting the context of a thread in another process is the step that redirects execution after a payload has been written into a suspended process (process hollowing or injection).
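The "Checks installed software" signature describes reads of the Uninstall registry hive. Sysmon does not record registry reads (its registry events cover key create/delete, value set and rename only), so the added example below (not from the report or any vendor) works instead on a Process Monitor CSV export, which does record RegOpenKey and RegQueryValue. It counts distinct Uninstall product subkeys touched per process and flags processes outside an assumed allowlist of legitimate enumerators. The CSV rows, the PIDs, the subkey names and the benign processes are constructed; the allowlist and the threshold are assumptions to tune per environment.

```python
"""Detect enumeration of installed software via the Uninstall registry keys.

Added example, not part of the sandbox report. Input is a Process Monitor
CSV export (File > Save as CSV), because Procmon records registry reads
(RegOpenKey/RegQueryValue), which Sysmon does not.
"""
import csv
import io
import re
from collections import defaultdict

# Matches the Uninstall hive under HKLM/HKCU/HKU (32- and 64-bit views) and
# captures the first subkey component, i.e. one installed-product entry.
UNINSTALL_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Procmon operations that read rather than write the registry.
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegQueryKey"}

# Assumed baseline of processes expected to walk the Uninstall hive; tune per environment.
ALLOWLIST = {"msiexec.exe", "explorer.exe", "svchost.exe", "wmiprvse.exe", "ccmexec.exe"}

# Assumed threshold: touching this many distinct product subkeys looks like enumeration.
MIN_SUBKEYS = 3

# Constructed Procmon CSV (not from the report). The target process behaves as
# the report's signature describes; the other rows are benign noise.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:08:12.0000000 PM","SKM_C258 Up21042213080.exe","3120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"1:08:12.0000100 PM","SKM_C258 Up21042213080.exe","3120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppOne","SUCCESS","Desired Access: Read"
"1:08:12.0000200 PM","SKM_C258 Up21042213080.exe","3120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppOne\DisplayName","SUCCESS","Type: REG_SZ, Length: 16, Data: App One"
"1:08:12.0000300 PM","SKM_C258 Up21042213080.exe","3120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTwo","SUCCESS","Desired Access: Read"
"1:08:12.0000400 PM","SKM_C258 Up21042213080.exe","3120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTwo\DisplayName","SUCCESS","Type: REG_SZ, Length: 16, Data: App Two"
"1:08:12.0000500 PM","SKM_C258 Up21042213080.exe","3120","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000003}","SUCCESS","Desired Access: Read"
"1:08:12.0000600 PM","SKM_C258 Up21042213080.exe","3120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000003}\DisplayVersion","SUCCESS","Type: REG_SZ, Length: 12, Data: 1.0.0"
"1:08:12.0000700 PM","SKM_C258 Up21042213080.exe","3120","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop","SUCCESS","Type: REG_SZ, Length: 46, Data: C:\Users\user\Desktop"
"1:08:13.0000000 PM","explorer.exe","1204","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppOne\DisplayIcon","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Program Files\AppOne\app.exe"
"1:08:14.0000000 PM","msiexec.exe","2210","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppOne","SUCCESS","Desired Access: Read"
"1:08:14.0000100 PM","msiexec.exe","2210","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTwo","SUCCESS","Desired Access: Read"
"1:08:14.0000200 PM","msiexec.exe","2210","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppThree","SUCCESS","Desired Access: Read"
'''


def uninstall_subkey(path: str):
    """Return the product subkey name if *path* lies inside an Uninstall hive, else None."""
    m = UNINSTALL_RE.match(path)
    return m.group(1) if m else None


def find_software_enumeration(procmon_csv: str, min_subkeys: int = MIN_SUBKEYS):
    """Return processes outside ALLOWLIST that read >= min_subkeys distinct Uninstall entries."""
    touched = defaultdict(set)  # (process name, pid) -> distinct product subkeys read
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row.get("Operation") not in READ_OPS:
            continue
        subkey = uninstall_subkey(row.get("Path", ""))
        if subkey is None:
            continue  # unrelated registry path, or the Uninstall parent key itself
        touched[(row["Process Name"], row["PID"])].add(subkey.lower())
    return [
        {"process": proc, "pid": pid, "subkeys": len(keys)}
        for (proc, pid), keys in sorted(touched.items())
        if len(keys) >= min_subkeys and proc.lower() not in ALLOWLIST
    ]


if __name__ == "__main__":
    for hit in find_software_enumeration(SAMPLE_PROCMON_CSV):
        print(f"{hit['process']} (pid {hit['pid']}) read {hit['subkeys']} distinct Uninstall entries")
```

Counting distinct subkeys rather than raw operations is deliberate: a single product lookup (the explorer.exe row) is normal, while walking several product entries from a process that is not an installer or inventory agent is the behaviour the signature describes. The open of the parent Uninstall key alone is ignored on purpose, since it carries no product information.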