General
-
Target
e40630059f781ce323021a6d26ba6f7806061aede715b94ad0288e01d79cbad8
-
Size
2.0MB
-
Sample
210508-1pg648dq4a
-
MD5
e7bb33ab749e3b1b73e8957cd14e152f
-
SHA1
4f998d5e97b4eb1476816f6621819ef0f65ac5d1
-
SHA256
e40630059f781ce323021a6d26ba6f7806061aede715b94ad0288e01d79cbad8
-
SHA512
919dc31a447bf32e693bf9b2004943affda7e70f0346a73a8861c040d37c85196eecfbf5cb4e30556396b0647374455ec822f8aa661185bcd48e0f1631ebe3d2
Static task
static1
Behavioral task
behavioral1
Sample
e40630059f781ce323021a6d26ba6f7806061aede715b94ad0288e01d79cbad8.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
e40630059f781ce323021a6d26ba6f7806061aede715b94ad0288e01d79cbad8.exe
Resource
win10v20210410
Malware Config
Extracted
azorult
http://0x21.in:8000/_az/
Targets
Target
e40630059f781ce323021a6d26ba6f7806061aede715b94ad0288e01d79cbad8
Score
10/10
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-