General
Target: UaZ4NIOJgGSE1F3.exe
Size: 850KB
Sample: 211005-f8b5eshedp
MD5: 68c2be38e5bedebceb5108b798bb760c
SHA1: d60414646d66c39820bad63ed69739a0521f807f
SHA256: 60bf55c622f01b6d0796fe3415226d66f8650a9ec5c5aff515777f9c3ac107eb
SHA512: e14e9b8883d8059d6603ba0bba52dafdcf0fa88d93f5f79f73a0c5e309467cce7baed0d64f6e85f1df150c2ebee088d0404ebc62b84dea2fea90328e087a5944
Static task: static1
Behavioral task: behavioral1
Sample: UaZ4NIOJgGSE1F3.exe
Resource: win7v20210408

Malware Config
Extracted: azorult
http://212.193.30.181/index.php
Targets
Target: UaZ4NIOJgGSE1F3.exe
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

suricata: ET MALWARE AZORult Variant.4 Checkin M2
suricata: ET MALWARE AZORult v3.2 Server Response M3
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M1
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M16

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext