Overview

overview

10

Static

static

gunzipped.exe

windows7_x64

10

gunzipped.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gunzipped.exe

  • Size

    462KB

  • Sample

    210712-ar13msejrs

  • MD5

    0d1090f2ac929c4bd8b55f95615a8d1b

  • SHA1

    e521ce2cf5d117077b7458b12a5e4a96fc6b10f7

  • SHA256

    bfabca4f85e2741a8261d288f37a72ca122cc7d470496a27841f50bea84d3344

  • SHA512

    f3a46f9514566ec4d776520b4e2c2429323fbef1f2db5805d080452ce1e07db71befb456108134459a8e033fcb7f6a7d77efc5dcccc03c95cfe3476539d58bb1

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://47.251.26.10/index.php

Targets

    • Target

      gunzipped.exe

    • Size

      462KB

    • MD5

      0d1090f2ac929c4bd8b55f95615a8d1b

    • SHA1

      e521ce2cf5d117077b7458b12a5e4a96fc6b10f7

    • SHA256

      bfabca4f85e2741a8261d288f37a72ca122cc7d470496a27841f50bea84d3344

    • SHA512

      f3a46f9514566ec4d776520b4e2c2429323fbef1f2db5805d080452ce1e07db71befb456108134459a8e033fcb7f6a7d77efc5dcccc03c95cfe3476539d58bb1

    Score
    10/10
    azorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks