General
Target: 017ad7cd19f4a8fbbcb3dc700f642f48839e6abd65461df5135598a494e7069c
Size: 184KB
Sample: 220521-b2ql1sfhfq
MD5: 19b4ce489f9124592e24c1a45c2ac407
SHA1: 19b93e3acc57e8f7b9eea0df558972d1e7190a2e
SHA256: 017ad7cd19f4a8fbbcb3dc700f642f48839e6abd65461df5135598a494e7069c
SHA512: c5c6d6ebf17773c39b8d87aa091ce6deb3ae6e0a7649c4d0efcab24786b91bfaaeb43f301dce1e245d272a86677a1d4640a46a4282ee469253a6549af54914ed
Static task: static1
Behavioral task: behavioral1
  Sample: TNT SHIPPING DOCUMENT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: TNT SHIPPING DOCUMENT.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: azorult
http://waterchem.com.tr/css/Panel/index.php
Targets
Target: TNT SHIPPING DOCUMENT.exe
Size: 267KB
MD5: 4d921621521f649ea4741d7687f4fa34
SHA1: 01118b049ea747d80ed65742f95c88f16fe92cdb
SHA256: 94d39d6f9db604c0b356bb0115d361c9243bc67cb9a657e5310debed783cb6d3
SHA512: 6ee927ef7f43aac9e75a9c3e43cd4cd9b51de1973709fb21a7c4e027e77622cd5b5e143b7670535e7a7a580800a5d8b9549d8e106a1f508290c53f3d58708e3f
Score: 10/10
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext