General
-
Target
673 (Mamba collaries).exe
-
Size
258KB
-
Sample
210727-k37e5j18wa
-
MD5
f02970cc3c958ce5d8fec3367cb19dce
-
SHA1
444d4ff3e6e0b2bd09f21165f2340d6790ae7c3a
-
SHA256
8d706a559621c1ec74e346061820da982e2740ca365f152660cc302162073504
-
SHA512
e9b1d4c1af2d7191069f4bf7b822315c70023e32cf385cf07795ba5a2588ec09080c264afa539429bb360d6115ad1ff139c08e070f791783125d967cc89ccc1d
Static task
static1
Behavioral task
behavioral1
Sample
673 (Mamba collaries).exe
Resource
win7v20210408
Malware Config
Extracted
azorult
http://xtream-ui.tk/bvLOI/index.php
Targets
-
-
Target
673 (Mamba collaries).exe
-
Size
258KB
-
MD5
f02970cc3c958ce5d8fec3367cb19dce
-
SHA1
444d4ff3e6e0b2bd09f21165f2340d6790ae7c3a
-
SHA256
8d706a559621c1ec74e346061820da982e2740ca365f152660cc302162073504
-
SHA512
e9b1d4c1af2d7191069f4bf7b822315c70023e32cf385cf07795ba5a2588ec09080c264afa539429bb360d6115ad1ff139c08e070f791783125d967cc89ccc1d
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE AZORult v3.3 Server Response M3
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M16
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M3
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-