General
Target: 5f955585f209598a9d7069fcdae436ac263121eace28f571b036b3730ee25c0f
Size: 344KB
Sample: 220520-2gvy4sader
MD5: 0bfc806b909165a96c8c2be29e1bcbf0
SHA1: eb560e083775c27437aac119e392bd5bfdb07e2d
SHA256: 5f955585f209598a9d7069fcdae436ac263121eace28f571b036b3730ee25c0f
SHA512: 438274dc7bc20e96383baf92e943d8e1c7a3bf49cc38c9824681113e293767c81346668cb77ba00c98020bd2af30245076d2508e854d44c93bc6405ea4ed4f76
Static task: static1
Behavioral task: behavioral1
  Sample: IMG_626166155117636637099388377365355343431DT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: IMG_626166155117636637099388377365355343431DT.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: azorult
URL: https://johnsonmeds.com/wp-admin/css/index.php
Targets
Target: IMG_626166155117636637099388377365355343431DT.exe
Size: 599KB
MD5: b58750b262ee79c332c554bc004702b2
SHA1: 7f4a16ea0c530b6cb136efb2027632b624ca013d
SHA256: 84c63913782658c1a3fe4c7c7f7bb9c2e09591ece6b7018ec3d48c7282582068
SHA512: efb1ff89773ca35a5bfc9bf7472e7e8495870eec97905e2a17220a5e2b58371ff86ef77ed5f37f32d752fe4c679c1c3b03e79d62963e8906749db01a0b28f2ad
Score: 10/10
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext