General
-
Target
mannzx.exe
-
Size
37KB
-
Sample
220314-ymactadghk
-
MD5
89acff9ec4590de79e9fb5c288f5adb0
-
SHA1
ceb8a931df9c18e5e555afabc92b2fbb0c9ab20a
-
SHA256
456050b3b656fc30777d31163ef1677302f224c4d36bc43dff99ae91fec67d61
-
SHA512
784191035890be46a75a64760c55004271451043f85f3422d8273d29e682adea05bb491014159a2def13fb8255a9cb5bd40d64f17bb15bda41b4c4ec4ab21a90
Static task
static1
Behavioral task
behavioral1
Sample
mannzx.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
mannzx.exe
Resource
win10-20220223-en
Malware Config
Extracted
azorult
http://85.202.169.121/mann/index.php
Targets
-
-
Target
mannzx.exe
-
Size
37KB
-
MD5
89acff9ec4590de79e9fb5c288f5adb0
-
SHA1
ceb8a931df9c18e5e555afabc92b2fbb0c9ab20a
-
SHA256
456050b3b656fc30777d31163ef1677302f224c4d36bc43dff99ae91fec67d61
-
SHA512
784191035890be46a75a64760c55004271451043f85f3422d8273d29e682adea05bb491014159a2def13fb8255a9cb5bd40d64f17bb15bda41b4c4ec4ab21a90
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE AZORult v3.3 Server Response M2
suricata: ET MALWARE AZORult v3.3 Server Response M2
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M18
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M18
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-