General
Target: Comprehensive_Meta_Analysis_keygen_by_KeygenNinja.zip
Size: 6.3MB
Sample: 210509-av3xhatpra
MD5: df6f7b04fbe458d08350ed10ae4696dc
SHA1: 87e39da599a49762dbd09c94b363a765be277899
SHA256: e9a5d5a4162192243da10ae7b572733377b6df3fe961ac867b9c1ac7d215bcd9
SHA512: 17cd4507adc2eb4c1d5516f2155e8f8d3c908677d08cf32afd278330daf93e1a5ce3aca331c1b858ea134b58134de3b58cb6227aa9231a286d3eb66aa5d92d92

Static task: static1
Behavioral task: behavioral1
Sample: Comprehensive_Meta_Analysis_keygen_by_KeygenNinja.exe
Resource: win10v20210408

Malware Config
Extracted
Family: azorult
C2: http://kvaka.li/1210776429.php

Targets
Target: Comprehensive_Meta_Analysis_keygen_by_KeygenNinja.exe
Size: 6.4MB
MD5: c93e0fb53e06d9ce189b94db20d1cd2f
SHA1: 6185df106ab6e494ae02abfa580d2402ca102997
SHA256: be714963564f842ec3cd516b68337d96eebc4559d3fd83931ba047a1664a1e2b
SHA512: 8dd40bd29db39aaf6c3fbab8af292298d1c98a9e0384992a91e74204ac4a2ae33fdd674c2606ef4a5a077a8ed2a3f1d5547c482f9da05e402ad8b98aaed0d2bc

Signatures
- Azorult: an information stealer first seen in 2016 that targets browsing history and saved passwords.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of SetThreadContext
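As an added example (not part of the sandbox report and not code from the sample), the following Python turns the page's IOCs and signatures into something a responder can run. It computes all four digests of a file in one pass and compares them with the hashes listed for the extracted .exe (note that the archive and the extracted binary hash differently: use the .zip hashes to hunt in mail and web gateway logs and the .exe hashes on endpoints), and it replays the listed behavioural signatures over constructed sandbox-style events. The event schema, the list of IP-lookup hosts, the wallet path markers and the sample events are assumptions made for the example; the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER value (0x4) is the documented NtCreateThreadEx flag that the "NtCreateThreadExHideFromDebugger" signature refers to, and the C2 is matched on host rather than full URL so a different gate path on the same server still fires.

```python
"""Hunt for the IOCs and behaviours from the sandbox report above.

Added example, not part of the sandbox output or the sample. The event
schema used by classify()/triage() is an assumption for illustration.
"""
from __future__ import annotations

import hashlib
from urllib.parse import urlsplit

# Hashes of the extracted executable, copied from the report's Targets section.
REPORT_EXE_HASHES = {
    "md5": "c93e0fb53e06d9ce189b94db20d1cd2f",
    "sha1": "6185df106ab6e494ae02abfa580d2402ca102997",
    "sha256": "be714963564f842ec3cd516b68337d96eebc4559d3fd83931ba047a1664a1e2b",
    "sha512": "8dd40bd29db39aaf6c3fbab8af292298d1c98a9e0384992a91e74204ac4a2ae3"
              "3fdd674c2606ef4a5a077a8ed2a3f1d5547c482f9da05e402ad8b98aaed0d2bc",
}
# C2 from the extracted Azorult config; only the host is matched.
AZORULT_C2 = "http://kvaka.li/1210776429.php"
C2_HOST = urlsplit(AZORULT_C2).hostname

# THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, the NtCreateThreadEx flag behind the
# "NtCreateThreadExHideFromDebugger" signature.
HIDE_FROM_DEBUGGER = 0x00000004

# Assumed for the example: public IP-lookup services and wallet path markers.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me"}
WALLET_MARKERS = ("electrum", "exodus", "ethereum\\keystore", "wallet.dat")
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
UNINSTALL_KEY = r"\software\microsoft\windows\currentversion\uninstall"
SYSTEM32 = "c:\\windows\\system32\\"


def digest_bytes(data: bytes) -> dict[str, str]:
    """All four digests of a blob; stream a real file in chunks the same way."""
    hashers = {name: hashlib.new(name) for name in REPORT_EXE_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm comparison; a partial match means a tampered or wrong file."""
    return {name: digests.get(name) == expected
            for name, expected in REPORT_EXE_HASHES.items()}


def classify(event: dict) -> set[str]:
    """Signature names from the report that one sandbox event triggers."""
    hits: set[str] = set()
    kind = event["type"]
    if kind == "registry_set" and RUN_KEY in event["key"].lower():
        hits.add("Adds Run key to start application")
    elif kind == "registry_enum" and UNINSTALL_KEY in event["key"].lower():
        hits.add("Checks installed software on the system")
    elif kind == "http_request":
        host = (urlsplit(event["url"]).hostname or "").lower()
        if host == C2_HOST:
            hits.add("Azorult C2 contact")
        if host in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")
    elif kind == "api_call":
        if event["api"] == "NtCreateThreadEx" and event.get("flags", 0) & HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtCreateThreadExHideFromDebugger")
        # SetThreadContext on a thread of another process is the injection pattern.
        if event["api"] == "SetThreadContext" and event.get("target_pid") not in (None, event["pid"]):
            hits.add("Suspicious use of SetThreadContext")
    elif kind == "file_write" and event["path"].lower().startswith(SYSTEM32):
        hits.add("Drops file in System32 directory")
    elif kind == "file_read" and any(m in event["path"].lower() for m in WALLET_MARKERS):
        hits.add("Accesses cryptocurrency files/wallets, possible credential harvesting")
    return hits


def triage(events: list[dict]) -> dict[str, list[int]]:
    """Map each fired signature to the indices of the events that fired it."""
    report: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for sig in classify(ev):
            report.setdefault(sig, []).append(i)
    return report


# Constructed events in the shape a sandbox might emit for this sample.
SAMPLE_EVENTS = [
    {"type": "registry_set", "pid": 1234, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"type": "registry_enum", "pid": 1234, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "http_request", "pid": 1234, "method": "POST", "url": "http://kvaka.li/1210776429.php"},
    {"type": "http_request", "pid": 1234, "method": "GET", "url": "https://api.ipify.org/?format=text"},
    {"type": "api_call", "pid": 1234, "api": "NtCreateThreadEx", "flags": 0x4},
    {"type": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 5678},
    {"type": "file_write", "pid": 1234, "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"type": "file_read", "pid": 1234, "path": "C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"},
    {"type": "http_request", "pid": 1234, "method": "GET", "url": "https://www.microsoft.com/"},  # benign
    {"type": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 1234},  # own process, benign
]

if __name__ == "__main__":
    for sig, idx in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: events {idx}")
```

To check a file on disk, feed its bytes to digest_bytes and pass the result to match_report; any mix of True and False means the file is not the sample from this report.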