General
-
Target
f53fa02c452f1b8314f3d53d6dff4cceae98a7b9b1b45f9d3d954380fc93a1c5.exe
-
Size
112KB
-
Sample
210716-wlx2rb7bas
-
MD5
ccfa4bb4bfc83ec85f370fcd133a695c
-
SHA1
19a334983c90cacd6fd1dbebaf4b5239bf66e2c1
-
SHA256
f53fa02c452f1b8314f3d53d6dff4cceae98a7b9b1b45f9d3d954380fc93a1c5
-
SHA512
43e3c3bc4e247ec1c9d4e72f568bb72d4098084387d158d5f34bb04055f13d6e0041ceec0373c58af31d06f12e92470b7076a66834461e316fc2e59511b6f3b9
Static task
static1
Behavioral task
behavioral1
Sample
f53fa02c452f1b8314f3d53d6dff4cceae98a7b9b1b45f9d3d954380fc93a1c5.exe
Resource
win7v20210410
Malware Config
Extracted
azorult
http://birthday-fact.cf/wg/PL341/index.php
Targets
-
-
Target
f53fa02c452f1b8314f3d53d6dff4cceae98a7b9b1b45f9d3d954380fc93a1c5.exe
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-