General
-
Target
13a8ca17d4b77f65052f928f39ef46b8.exe
-
Size
221KB
-
Sample
210428-fz7pb7gxvs
-
MD5
13a8ca17d4b77f65052f928f39ef46b8
-
SHA1
3c61930f2dfcbd798a063137629ef33f222855ca
-
SHA256
5a38b12ebce12dde580da36ee1b4a5c0387f9e81f7f738c278b60d5781dad6eb
-
SHA512
df7938528522073cbb95c3aee4c2c24abf519c87190f35650a41979601c6611e0c0c6cfb3208f71bfcbba4ce45ba0af65ddf5ca87d68c93848f76ddb84fdacce
Static task
static1
Behavioral task
behavioral1
Sample
13a8ca17d4b77f65052f928f39ef46b8.exe
Resource
win7v20210408
Malware Config
Extracted
oski
5llion.com
Extracted
azorult
http://bengalcement.com.bd/AxPu/index.php
Targets
-
-
Target
13a8ca17d4b77f65052f928f39ef46b8.exe
-
Size
221KB
-
MD5
13a8ca17d4b77f65052f928f39ef46b8
-
SHA1
3c61930f2dfcbd798a063137629ef33f222855ca
-
SHA256
5a38b12ebce12dde580da36ee1b4a5c0387f9e81f7f738c278b60d5781dad6eb
-
SHA512
df7938528522073cbb95c3aee4c2c24abf519c87190f35650a41979601c6611e0c0c6cfb3208f71bfcbba4ce45ba0af65ddf5ca87d68c93848f76ddb84fdacce
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-