General
-
Target
902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75
-
Size
2.0MB
-
Sample
210508-ql3pjnjqva
-
MD5
b3440009f3da8d254ef59e62a3121d7b
-
SHA1
6da1cdea93f60b4c93004968a4d48108a741b77e
-
SHA256
902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75
-
SHA512
a890e8e35834b96d9996ecabf5ad3787a51d4a093cd398295c27de57e5cda3f53926e60402e1e2d003f37a8af8b3a0c8db8cdc7607b075c1e05bde60142d90e6
Static task
static1
Behavioral task
behavioral1
Sample
902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75.exe
Resource
win10v20210408
Malware Config
Extracted
azorult
http://0x21.in:8000/_az/
Targets
-
-
Target
902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext