General
Target: SecuriteInfo.com.Trojan.Inject4.11083.19609.1028
Size: 587KB
Sample: 210430-4x15jjzbb2
MD5: eb6c0ff23c01dd3528789c8142890547
SHA1: 7cfed1e8bed52f4f376e5702dc303b6235b8a19d
SHA256: fe69416ea50c8316791d7de7da893f9189c3d5f34cb9c64026206d19325ef5c5
SHA512: 0e3bf1fbbe15a26d6648a1eca4f2d66544a9d4293956aaaac8d258141d74ce11d4849b610285342219d315836dbe9e71aec9a1896020bb5def645ccdf994d94b
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Inject4.11083.19609.1028.exe
Resource
win7v20210408
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
malcacnba.ac.ug
Targets
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext