General
-
Target
PO 329.gz
-
Size
350KB
-
Sample
210922-vv41lsdce6
-
MD5
fbbaa8d6fdd9b3f90a7c6f28c16d9399
-
SHA1
b7e14da8a1123463b33d40150fb203f3fb45838a
-
SHA256
bf1def53e52bc05daee4c3de0a87fd623e75014d8c55547bf804f991c06f9551
-
SHA512
99610b1c8c902e1fcb38dff456187d654ab185b8bfe931dc641bbd78530cb4d3065251880b92780108063ea197210c9e0a45ab92cf1698a3ddce4a4272237e40
Static task
static1
Behavioral task
behavioral1
Sample
PO 329.exe
Resource
win7-en-20210920
Malware Config
Extracted
azorult
http://159.65.165.243/index.php
Targets
-
-
Target
PO 329.exe
-
Size
766KB
-
MD5
64be2bc5ad3db30aa9d85b888591962c
-
SHA1
b22746bc1e4b133e574ac903b087b12d5569a0ee
-
SHA256
3733c0d21fd6a6e1ef819f4b98fbf38757051e7431c743a11bd0c7e91f4d76ac
-
SHA512
3c4363eef5b1989632e21453f445298c1af0c18a9dccd4a10bee4cfd6948df6dcf0776e846682506c7341449e48f8db83b1b740b81c9d6c2e9d5083c7398c738
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-