General
Target: 325131729ab48a10ecb1a8ff30ee35f74ecff06618cf887a0802bda5cd356902.exe
Size: 562KB
Sample: 210708-d7nxzdjywn
MD5: c61df8b07fcdcdd442bfd2a73102f2e3
SHA1: 916ca138209e7e918849b3b81cf9a4d5bcc8e9d8
SHA256: 325131729ab48a10ecb1a8ff30ee35f74ecff06618cf887a0802bda5cd356902
SHA512: 6596ddbb5551cc1f71610694a8471166a6438eef4964b61bab14582d6c9c86f2ffe658228dac7cb55f3444bb329be629d7aaa839f206adb6460dada21b619db6
Static task: static1
Behavioral task: behavioral1
Sample: 325131729ab48a10ecb1a8ff30ee35f74ecff06618cf887a0802bda5cd356902.exe
Resource: win7v20210408
Malware Config
Extracted azorult: http://195.245.112.115/index.php
Extracted oski: erolbasa.ac.ug
Targets
- Azorult: an information stealer first discovered in 2016 that targets browsing history and saved passwords.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and other code injection, so its use by a dropped binary is worth inspecting)
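The extracted C2 values and the two behavioural signatures above are the parts of this report a responder can act on directly. The script below is an added example (my code, not the sandbox's or the report's) that turns them into checks: it matches proxy/DNS log lines against the extracted azorult and oski indicators, and maps API-trace lines onto the report's "Checks installed software" and "SetThreadContext" signatures. Assumptions not stated in the report: the azorult URL and the oski hostname are treated as C2 endpoints, the log and trace lines are constructed, and the "<api> <args>" trace format is hypothetical.

```python
"""Indicator and signature checks derived from the sandbox report above.

Added example, not part of the report. Assumptions (not from the report):
the azorult URL and oski hostname are C2 endpoints; the log and trace lines
are constructed; the "<api> <args>" trace line format is hypothetical.
"""
import re
from urllib.parse import urlparse

# Values copied from the report's "Malware Config" section.
C2_INDICATORS = {
    "azorult": "http://195.245.112.115/index.php",
    "oski": "erolbasa.ac.ug",
}
SAMPLE_SHA256 = "325131729ab48a10ecb1a8ff30ee35f74ecff06618cf887a0802bda5cd356902"

# Registry paths behind the "Checks installed software" signature: the
# Uninstall key and its 32-bit-on-64-bit mirror under WOW6432Node.
UNINSTALL_KEY_RE = re.compile(
    r"SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall",
    re.IGNORECASE,
)


def _host_pattern(host):
    # Match the host as a whole label sequence: a subdomain prefix or a
    # trailing dot is fine, but "195.245.112.1150" or "erolbasa.ac.ugly" is not.
    return re.compile(r"(?<![\w-])" + re.escape(host) + r"(?![\w-])", re.IGNORECASE)


def match_network_logs(lines, config=C2_INDICATORS):
    """Return (line_no, family, indicator) for each log line that touches a C2.

    Full-URL indicators are matched on their host alone as well, so DNS or
    firewall logs that never see the URL path still produce a hit.
    """
    patterns = []
    for family, value in config.items():
        host = urlparse(value).hostname if "://" in value else value
        patterns.append((family, value, _host_pattern(host)))
    hits = []
    for n, line in enumerate(lines, 1):
        for family, value, pat in patterns:
            if pat.search(line):
                hits.append((n, family, value))
    return hits


def classify_trace(lines):
    """Map hypothetical API-trace lines onto the report's signature names."""
    found = set()
    for line in lines:
        api = line.split(" ", 1)[0]
        if api.startswith(("RegOpenKey", "RegEnumKey", "RegQueryValue")) \
                and UNINSTALL_KEY_RE.search(line):
            found.add("Checks installed software on the system")
        if api == "SetThreadContext":
            found.add("Suspicious use of SetThreadContext")
    return sorted(found)


# Constructed sample input (not real logs from the report).
PROXY_LOG = [
    "2021-07-08T13:41:02Z 10.0.0.7 GET http://195.245.112.115/index.php 200",
    "2021-07-08T13:41:03Z 10.0.0.7 dns query www.erolbasa.ac.ug. A",
    "2021-07-08T13:41:04Z 10.0.0.7 GET http://example.invalid/index.php 404",
    "2021-07-08T13:41:05Z 10.0.0.7 dns query erolbasa.ac.ugly A",
]
TRACE = [
    "RegOpenKeyExW HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "RegEnumKeyExW HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall index=0",
    "RegOpenKeyExW HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "SetThreadContext hThread=0x1a4",
]

if __name__ == "__main__":
    for hit in match_network_logs(PROXY_LOG):
        print("C2 hit:", hit)
    for sig in classify_trace(TRACE):
        print("signature:", sig)
```

The host matcher deliberately matches on the hostname rather than the full URL, since most telemetry (DNS, firewall, NetFlow) never sees the `/index.php` path; the word-boundary lookarounds keep a longer IP or domain that merely starts with the indicator from producing a false hit.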