General
Target: 4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2
Size: 1.9MB
Sample: 210509-5d4ythap7e
MD5: be2de5463fff77d33317c926421ba040
SHA1: eea7d85b92d2a2c1fda03364882be19703484ba8
SHA256: 4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2
SHA512: bc60e5ae5de7dd13280d39c515065e9b70aaec0a06a7571e38ac2055648f33058e8cdcd2eba1a569b5e60edcbae2d913ff542c6d3571b6d49879ea0f59729fc4
Static task: static1
Behavioral task: behavioral1
Sample: 4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2.exe
Resource: win10v20210410
Malware Config
Extracted
azorult
http://work.wrklantc.in:9050/_az/
Targets
Target: 4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2
Score: 10/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext