General
-
Target
4e20122a4777478a3b0bcdd6c7ee35c9.exe
-
Size
1.0MB
-
Sample
210925-hfsmtaafa8
-
MD5
4e20122a4777478a3b0bcdd6c7ee35c9
-
SHA1
1970e4b8d24dde794f3d79496e940f36a3b54cf8
-
SHA256
d3d844bca757cfac2bc5cd8cc9bd9d806358eb3af100fdecddb5d0848cd706af
-
SHA512
581174342ee8e01e93c188d1afb18cbd55675d4c0f45b056d3761cd35fdf75915082234370e1c82a8345d1be4fce471aa24be5d241332b3786e935a14782a030
Static task
static1
Behavioral task
behavioral1
Sample
4e20122a4777478a3b0bcdd6c7ee35c9.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
4e20122a4777478a3b0bcdd6c7ee35c9.exe
Resource
win10v20210408
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
raccoon
e16d9c3413a8d3bc552d87560e5a14148908608d
-
url4cnc
https://t.me/brikitiki
Extracted
oski
maurizio.ug
Targets
-
-
Target
4e20122a4777478a3b0bcdd6c7ee35c9.exe
-
Size
1.0MB
-
MD5
4e20122a4777478a3b0bcdd6c7ee35c9
-
SHA1
1970e4b8d24dde794f3d79496e940f36a3b54cf8
-
SHA256
d3d844bca757cfac2bc5cd8cc9bd9d806358eb3af100fdecddb5d0848cd706af
-
SHA512
581174342ee8e01e93c188d1afb18cbd55675d4c0f45b056d3761cd35fdf75915082234370e1c82a8345d1be4fce471aa24be5d241332b3786e935a14782a030
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-