General
Target: 4a3c159d0b62a125581bce5cd63f7216751b5c30ebb5098245e16b2ec0de9d56
Size: 2.0MB
Sample: 210508-qjcs95b1da
MD5: baf7dc29e577a1877cb24115ea687092
SHA1: 01091eded50925c119bafbd4f5b57ff9d2b695a2
SHA256: 4a3c159d0b62a125581bce5cd63f7216751b5c30ebb5098245e16b2ec0de9d56
SHA512: 594f4708a36229923129f82175706d1b07715e60b448f06a7cf34a8b7f985c231ed80b27cf5358625010b61014458cf1b3afd92930fc2819c1a5b9fa1d9f85b0
Static task: static1
Behavioral task: behavioral1
  Sample: 4a3c159d0b62a125581bce5cd63f7216751b5c30ebb5098245e16b2ec0de9d56.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 4a3c159d0b62a125581bce5cd63f7216751b5c30ebb5098245e16b2ec0de9d56.exe
  Resource: win10v20210410
Malware Config
Extracted: azorult
  http://0x21.in:8000/_az/
Targets
Target: 4a3c159d0b62a125581bce5cd63f7216751b5c30ebb5098245e16b2ec0de9d56
Score: 10/10
Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext