General
-
Target
Req for Quote.exe
-
Size
785KB
-
Sample
210426-y641gqvnna
-
MD5
a5783d28789885a67a334024bd22ab1f
-
SHA1
b42652b9419c64c341624dbfe6da90dd82e23348
-
SHA256
ff3499b34ada865008b68534d91cdc6b0bfc975e7d55f3a53e3bd92dd68d4066
-
SHA512
02b9a99424fe3f507b668fd972fa8e72cd9a71d59be6172e0fadf182f7239cdb6a26d68c328b994b4802a0da342af934aa64eef56e19c301e428d4cda75288d0
Static task
static1
Behavioral task
behavioral1
Sample
Req for Quote.exe
Resource
win7v20210410
Malware Config
Extracted
azorult
http://45.144.225.131/index.php
Targets
Target
Req for Quote.exe
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-