General
-
Target
3d519d709febd4bcc501ea8ba6ddd8e341c347a63f7a5085704d06544658492f
-
Size
1.4MB
-
Sample
220521-b6lhvsdag5
-
MD5
b93727f9a4bb67ad70bd24e108d46160
-
SHA1
f598d3a05a0c37ecf1e386d0fd028abb127e55a4
-
SHA256
3d519d709febd4bcc501ea8ba6ddd8e341c347a63f7a5085704d06544658492f
-
SHA512
56c85e83e6b320277241ffa4f5a834ef185024bfbf055b5139dc5973ee0992dad65ef47e2503a18df94c2b88dc229cf19cf9e728636107ff7e7e43c5268cc0ef
Static task
static1
Behavioral task
behavioral1
Sample
_____640.exe
Resource
win7-20220414-en
Malware Config
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
_____640.EXE
-
Size
931KB
-
MD5
836cda1d8a9718485cc9f9653530c2d9
-
SHA1
fca85ff9aa624547d9a315962d82388c300edac1
-
SHA256
d3793a581da66ef5840648574ce364846e7c68a559c0f5e49faf9e4892ecdc72
-
SHA512
07ca078d79f622706d08a534f6b5e2c896152fb0d0e452781fa6be5dc90028fdf074b3b78acac438f2acf5b3f5522e70afb7db4551874a3083860213e2790481
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-