General
-
Target
3ee3342f2ec8cc641ea2d46daec5c5885a47d9bbd9fa49647543c5381f672aa6
-
Size
1.7MB
-
Sample
220520-3bv8csbefm
-
MD5
012fa4aa038c48e7a63828d26d0c8aa7
-
SHA1
7f4e2b046d09e527b13da488e95ccc81b13608c0
-
SHA256
3ee3342f2ec8cc641ea2d46daec5c5885a47d9bbd9fa49647543c5381f672aa6
-
SHA512
b0a5282f71cd649ebbcb86b63f9067732afedfab07200644744ee6ab8b1abcfc61118f8e0bcff14ecf0c3656a9ef238fb02bb35ed06206106198765570154c2a
Static task
static1
Behavioral task
behavioral1
Sample
3ee3342f2ec8cc641ea2d46daec5c5885a47d9bbd9fa49647543c5381f672aa6.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3ee3342f2ec8cc641ea2d46daec5c5885a47d9bbd9fa49647543c5381f672aa6.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://duglazo.info/index.php
Targets
-
-
Target
3ee3342f2ec8cc641ea2d46daec5c5885a47d9bbd9fa49647543c5381f672aa6
-
Size
1.7MB
-
MD5
012fa4aa038c48e7a63828d26d0c8aa7
-
SHA1
7f4e2b046d09e527b13da488e95ccc81b13608c0
-
SHA256
3ee3342f2ec8cc641ea2d46daec5c5885a47d9bbd9fa49647543c5381f672aa6
-
SHA512
b0a5282f71cd649ebbcb86b63f9067732afedfab07200644744ee6ab8b1abcfc61118f8e0bcff14ecf0c3656a9ef238fb02bb35ed06206106198765570154c2a
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-