General
Target: Adobe.Photoshop.CS.v8.0.and.Ad.crack.by.Inferno SAMPLE.zip
Size: 6.2MB
Sample: 210704-j71p3gw1v6
MD5: 8fa14094c6f45929455ee73341d79a85
SHA1: f0a942ca750d5983d14de9a66c388424ec0c3424
SHA256: eac570e1b80da84cb2ecdad4b838b066537613c0b1efcddb7a5dca8df049b51e
SHA512: 789c0605bc82af535a30fd2645af0ad34039120e2380bfb8a9ced865b7a02bbc9e35ed787e48448ad7a834c5e16f1c8b205aeeb703d92c51918938768e89de3b
Static task
static1

Malware Config
Extracted
Family: azorult
C2: http://kvaka.li/1210776429.php
Targets
Target: Adobe.Photoshop.CS.v8.0.and.Ad.crack.by.Inferno.exe
Size: 6.3MB
MD5: 673e3fd0174e1a417c238722a961a860
SHA1: 05f31543b59e507c38f4d3b1cfee0aad52c45442
SHA256: c960b0c655073690b1a287ae75f210d18959d7a4e27f199b29e4080e2b441d16
SHA512: 792ec9216637f4c3387908cd2fbd1108fcc34460450b3a1e8c6d691bd1155bc307c9a6973ab7145d8902b8f91f616a462b6fff0d54609636f67eddf2ba89af56
Signatures
Azorult
  An information stealer first seen in 2016; it harvests browsing history and saved passwords.
XMRig Miner Payload
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
  Commonly used to redirect execution in another process or thread when injecting code (process hollowing, thread hijacking).
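Turning the report into something a responder can run: the Python below is an added example, not code or output from the sandbox. It verifies a file's digests against the hashes listed above and scans an API trace for the behaviours the signatures describe: execution of a file with a known hash, the GeoID registry lookup behind "Checks computer location settings", and DNS/HTTP contact with the host from the extracted Azorult C2 URL. The key=value trace format, its field names and the trace lines are constructed for this example; the registry path HKCU\Control Panel\International\Geo\Nation is Windows's documented location for the user's GeoID and is not something the report itself states.

```python
"""Triage helpers built from the Azorult report above (added example, not sandbox code).
The trace format and SAMPLE_TRACE lines are constructed for illustration."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report: hashes of the ZIP and the inner EXE, and the
# C2 URL from the extracted Azorult config.
REPORT_IOCS = {
    "md5": {"8fa14094c6f45929455ee73341d79a85",
            "673e3fd0174e1a417c238722a961a860"},
    "sha1": {"f0a942ca750d5983d14de9a66c388424ec0c3424",
             "05f31543b59e507c38f4d3b1cfee0aad52c45442"},
    "sha256": {"eac570e1b80da84cb2ecdad4b838b066537613c0b1efcddb7a5dca8df049b51e",
               "c960b0c655073690b1a287ae75f210d18959d7a4e27f199b29e4080e2b441d16"},
    "sha512": {"789c0605bc82af535a30fd2645af0ad34039120e2380bfb8a9ced865b7a02bbc"
               "9e35ed787e48448ad7a834c5e16f1c8b205aeeb703d92c51918938768e89de3b",
               "792ec9216637f4c3387908cd2fbd1108fcc34460450b3a1e8c6d691bd1155bc3"
               "07c9a6973ab7145d8902b8f91f616a462b6fff0d54609636f67eddf2ba89af56"},
    "c2_urls": {"http://kvaka.li/1210776429.php"},
}

# Registry value behind the "Checks computer location settings" signature: Windows
# keeps the user's GeoID at HKCU\Control Panel\International\Geo\Nation (assumed
# target of the lookup; the report only says "country code configured in the registry").
GEO_NATION_KEY = r"control panel\international\geo\nation"
HASH_ALGS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """All four digests of a byte string in one pass, keyed like the report."""
    hs = {alg: hashlib.new(alg) for alg in HASH_ALGS}
    for h in hs.values():
        h.update(data)
    return {alg: h.hexdigest() for alg, h in hs.items()}


def matches_report(hashes: dict) -> list:
    """Return the algorithms whose digest in `hashes` appears in the report."""
    return sorted(alg for alg, d in hashes.items()
                  if alg in HASH_ALGS and d.lower() in REPORT_IOCS[alg])


def c2_hosts() -> set:
    """Hostnames of the extracted C2 URLs; matching on host catches other gate paths."""
    return {urlparse(u).hostname.lower() for u in REPORT_IOCS["c2_urls"]}


# Constructed key=value trace format; quoted values may contain spaces (registry paths).
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def scan_trace(lines) -> list:
    """Flag (line_no, reason, detail) for events matching the report: execution of a
    known sample, the GeoID geofence lookup, and DNS/HTTP contact with the C2 host."""
    hosts, hits = c2_hosts(), []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        op = ev.get("op")
        if op == "exec":
            found = matches_report({k: v for k, v in ev.items() if k in HASH_ALGS})
            if found:
                hits.append((n, "known_sample", ev.get("image", "")))
        elif op == "RegQueryValue" and ev.get("path", "").lower().endswith(GEO_NATION_KEY):
            hits.append((n, "geofence", ev["path"]))
        elif op == "dns" and ev.get("name", "").lower() in hosts:
            hits.append((n, "c2_dns", ev["name"]))
        elif op == "http" and (urlparse(ev.get("url", "")).hostname or "").lower() in hosts:
            hits.append((n, "c2_http", ev["url"]))
    return hits


# Constructed trace (not real sandbox output) mimicking the behaviours the report lists.
SAMPLE_TRACE = [
    'op=exec image="C:\\Users\\victim\\Desktop\\Adobe.Photoshop.CS.v8.0.and.Ad.crack.by.Inferno.exe" '
    'sha256=c960b0c655073690b1a287ae75f210d18959d7a4e27f199b29e4080e2b441d16',
    'op=RegQueryValue path="HKCU\\Control Panel\\International\\Geo\\Nation" data=244',
    'op=dns name=kvaka.li',
    'op=http method=POST url=http://kvaka.li/1210776429.php',
    'op=RegQueryValue path="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"',
    'op=dns name=time.windows.com',
]

if __name__ == "__main__":
    for hit in scan_trace(SAMPLE_TRACE):
        print(hit)
```

Hash comparison is case-insensitive and host matching ignores the URL path, since the Azorult gate path is per-build while the host is the stable indicator; the Run-key read and the benign DNS query in the constructed trace are left unflagged to show the checks are specific rather than "any registry read".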