General
Target: P.Order #3434.exe
Size: 1.7MB
Sample: 210507-qazylweeg6
MD5: b5090c112b6fc79a202ea0488279e184
SHA1: 29cb202ec34c167fb61d35b95463f44d37c62c10
SHA256: 78c09ced1d0c809a20190231684d210cf48e0c03415026bdd9266a6c3d8a3c72
SHA512: f1b45e3b4f5080e1714f29792f7a9443209443d1e5241406ef84dffb8d22d9bb7306197e51a8872ecc58a4a06ab41001dfa8bebe862a48539f962b7d3d97202c
Static task: static1
Behavioral task: behavioral1
Sample: P.Order #3434.exe
Resource: win7v20210408
Malware Config
Extracted: azorult
http://joemoore.dx.am/index.php
Targets
Target: P.Order #3434.exe
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext