General
Target: PO#491269.exe
Size: 743KB
Sample: 210923-q6z4ksefb5
MD5: 000f49db2a427d19e1e29fe0fc8b2080
SHA1: ed291d0386372964009d88aaf4486a1936818ac6
SHA256: 8a7780be1190a675ff926d340c7f9106d966419dcdf680b4331fd65e782189e6
SHA512: d501469e0658516b1f34896552e8f479460ecf8564251d477ed6f44711c5af84a00fb924d0bf04dc2e88f908bc983aad3b035b464d6f06a7703cf3147470b7d1
Static task: static1
Behavioral task: behavioral1
  Sample: PO#491269.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: PO#491269.exe
  Resource: win10-en-20210920
Malware Config
Extracted
azorult
http://165.227.220.7/index.php
Targets
Target: PO#491269.exe
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext