General
Target: ddcaa3b14d33d6d27dc1467709b05d69df392d4c7d8d2699beda137ea237a224.exe
Size: 472KB
Sample: 210915-gr6s5sdabm
MD5: 5582fe6e6efed19464dd03225a30c958
SHA1: 36b4846522ffcf6ad4f89bccb3c4c2a254287539
SHA256: ddcaa3b14d33d6d27dc1467709b05d69df392d4c7d8d2699beda137ea237a224
SHA512: d58d6db8ecf816f3bded92698b89ffa42dc2725329b7237eaefb043cc562068cf70122784099009f6658d51403374c73a8817b114937d6b66808945c927f66b7
Static task: static1
Behavioral task: behavioral1
Sample: ddcaa3b14d33d6d27dc1467709b05d69df392d4c7d8d2699beda137ea237a224.exe
Resource: win7-en
Malware Config
Extracted family: azorult
Extracted URL: http://31.210.20.16/panel1/index.php
Targets
Target: ddcaa3b14d33d6d27dc1467709b05d69df392d4c7d8d2699beda137ea237a224.exe
- Azorult: an information stealer that was first discovered in 2016, targeting browsing history and passwords.
- suricata: ET MALWARE AZORult Variant.4 Checkin M2
- suricata: ET MALWARE AZORult v3.2 Server Response M3
- suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M17
- suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M3
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext