General
-
Target
8c4ab34b4aa53718967d637c28aab7064f71b6cecba58bdf1e589f98d14ee9a3
-
Size
1.1MB
-
Sample
220521-n4n77aefb3
-
MD5
64e8cbf2ae639b24f51da2faed5b2432
-
SHA1
cc902b43eca70e8f556799f521495b99387e85d5
-
SHA256
8c4ab34b4aa53718967d637c28aab7064f71b6cecba58bdf1e589f98d14ee9a3
-
SHA512
c5507e507c22fb3506c98f995868e3d9408573c2b5488bd25a8e1b2afaa1980a3fb4293349f9f242bd4d061aeb4df6ecad84e35b7c195367ef1be3f4c28196c8
Static task
static1
Behavioral task
behavioral1
Sample
PRQ 010474.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PRQ 010474.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Standard Terms and Conditions for purchases.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Standard Terms and Conditions for purchases.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://128.199.141.181/index.php
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.mkontakt.az
Port: 587
Username: testing@mkontakt.az
Password: Onyeoba111
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
Target
PRQ 010474.exe
-
Size
312KB
-
MD5
86552be6b1f4a2a5ee6f4d3314bcaca8
-
SHA1
273c38764bc244f6322939e899cd111c56df9772
-
SHA256
ed15459a7fd8570fc69235cac35dbe1617fa919c6c09a1978df30952b2af53b1
-
SHA512
b5a71794e75c4fab472639e47fd2c2717c7e14894527e498dafa7690ab02a54c3b543362e6b79dc17185a66c87652b1ecfc6a6c2a8fc9f46af2fd7d6a8f85491
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of SetThreadContext
-
Target
Standard Terms and Conditions for purchases.exe
-
Size
940KB
-
MD5
3523948b0182768af480742150a7bc76
-
SHA1
3ee7ab152ac2e949ea48c6a6e5aadac2015219fd
-
SHA256
98f14edea3c84946787d020e97f6b161cae2ed419e458434413626b9893c6f62
-
SHA512
820ea8bd7ef17b0bc45d0390a8e832fc42d97f1743afa9296c3417d90a7fced1409bd34daacc4fdde18a95d744c2eeb582fcab0287eb1d0d98613c15e066bac4
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-