General
-
Target
1f81820b2feb56c96e679d4d0dc052da187d63462e505d04af1d719b33ba7f7d
-
Size
2.0MB
-
Sample
210511-ed7f514ff2
-
MD5
b0396db1db990acf20bbd8373c426892
-
SHA1
6fabd01f7892c91c46ab14efee6e4f96868f9c80
-
SHA256
1f81820b2feb56c96e679d4d0dc052da187d63462e505d04af1d719b33ba7f7d
-
SHA512
4030206991c97fabff41e11f7756aec48a5d0dbc778ae1f55ad1839a12a549f0bb4bb41829ddb3821f1294a36411b95ec1b034a715e621ec9a0cb32a3de7706a
Static task
static1
Behavioral task
behavioral1
Sample
1f81820b2feb56c96e679d4d0dc052da187d63462e505d04af1d719b33ba7f7d.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
1f81820b2feb56c96e679d4d0dc052da187d63462e505d04af1d719b33ba7f7d.exe
Resource
win10v20210410
Malware Config
Extracted
azorult
http://0x21.in:8000/_az/
Targets
-
-
Target
1f81820b2feb56c96e679d4d0dc052da187d63462e505d04af1d719b33ba7f7d
-
Size
2.0MB
-
MD5
b0396db1db990acf20bbd8373c426892
-
SHA1
6fabd01f7892c91c46ab14efee6e4f96868f9c80
-
SHA256
1f81820b2feb56c96e679d4d0dc052da187d63462e505d04af1d719b33ba7f7d
-
SHA512
4030206991c97fabff41e11f7756aec48a5d0dbc778ae1f55ad1839a12a549f0bb4bb41829ddb3821f1294a36411b95ec1b034a715e621ec9a0cb32a3de7706a
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Quasar Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-