azorult | eac570e1b80da84cb2ecdad4b838b066537613c0b1efcddb7a5dca8df049b51e | Triage

Submit
Reports

Overview

overview

Static

static

Adobe.Phot...no.exe

windows10_x64

Resubmissions

04-07-2021 19:54

210704-vcncxc675j 10

04-07-2021 19:42

210704-j71p3gw1v6 10

Sharing

General

Target

Adobe.Photoshop.CS.v8.0.and.Ad.crack.by.Inferno SAMPLE.zip
Size

6.2MB
Sample

210704-j71p3gw1v6
MD5

8fa14094c6f45929455ee73341d79a85
SHA1

f0a942ca750d5983d14de9a66c388424ec0c3424
SHA256

eac570e1b80da84cb2ecdad4b838b066537613c0b1efcddb7a5dca8df049b51e
SHA512

789c0605bc82af535a30fd2645af0ad34039120e2380bfb8a9ced865b7a02bbc9e35ed787e48448ad7a834c5e16f1c8b205aeeb703d92c51918938768e89de3b

Score

10^/10

azorult xmrig infostealer miner trojan vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

Adobe.Photoshop.CS.v8.0.and.Ad.crack.by.Inferno.exe

Resource

win10v20210410

azorult xmrig infostealer miner trojan vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://kvaka.li/1210776429.php

Targets

- Target
  
  Adobe.Photoshop.CS.v8.0.and.Ad.crack.by.Inferno.exe
- Size
  
  6.3MB
- MD5
  
  673e3fd0174e1a417c238722a961a860
- SHA1
  
  05f31543b59e507c38f4d3b1cfee0aad52c45442
- SHA256
  
  c960b0c655073690b1a287ae75f210d18959d7a4e27f199b29e4080e2b441d16
- SHA512
  
  792ec9216637f4c3387908cd2fbd1108fcc34460450b3a1e8c6d691bd1155bc307c9a6973ab7145d8902b8f91f616a462b6fff0d54609636f67eddf2ba89af56
Score

10^/10

azorult xmrig infostealer miner trojan vmprotect
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

azorultxmriginfostealerminertrojanvmprotect

© 2018-2024

Terms | Privacy