General
- Target: SKM_C258 Up21042213080.exe
- Size: 245KB
- Sample: 210422-hf9x6aj5rj
- MD5: dc4db6a0a101c438e4fcfc94b8bf7e10
- SHA1: d8e984558e6239d15488670ccf61b6156fa151dd
- SHA256: 62660594fe950472731f11f07d45be81e3b03880953fdc5c3b07b06fae74ea25
- SHA512: e24ea0d8614f82fd98fe477e598acf1f310697c0aa668446698120f0d4c6a74c7f6f0f0878f1ffe081523f12b27431772b09a453c47bc7c0026d8a3988cd588d
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: SKM_C258 Up21042213080.exe
  - Resource: win7v20210410
Malware Config
- Extracted (oski): C2 45.144.225.118
- Extracted (azorult): C2 http://lexusbiscuit.com/OiuBn/index.php
Targets
- Azorult: an information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext