General
- Target: HalkbankEkstre071320210839598392001334.exe
- Size: 773KB
- Sample: 210713-czym3a7yjn
- MD5: 77ab116cd99bf2814d4565df18cc9a1a
- SHA1: bfe164030c5ab6cbf7fbdafe3c540e1af6d09855
- SHA256: 73bd6f2b1b0b6ea24d811257a4e34d491ea87575e236e3ca71e03dff561b09ae
- SHA512: bcb6aba93ab726a634c4919f9dceae860b3e44e60fe53d32fdb27a5745d598f4bd1ef320d914074fe17c9f46ed29afa8c4b38ecbec904a97f2f8dad73179c5be
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: HalkbankEkstre071320210839598392001334.exe
- Resource: win7v20210408
Malware Config
- Extracted: azorult
- URL: http://37.0.11.128/index.php
Targets
- Target: HalkbankEkstre071320210839598392001334.exe
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext