General
Target: e11081c171af696f836436896183360e879ef7f697e3acd767f55128ed6f1df0
Size: 221KB
Sample: 220521-ny1zsshdhn
MD5: 0ba4194ca2b91788547eabac3c11b7ce
SHA1: 61c97ac3fa02ddbd7a3f616cbdee392976272bd7
SHA256: e11081c171af696f836436896183360e879ef7f697e3acd767f55128ed6f1df0
SHA512: 8b3cf36813d5f46b25d513625fdf9e135ddf5ee53b255311fc0fdb1eb32e964cbf3cfe6340ac628ddbcab6848e3170f378385761b924525d91daca1b4a7bc1b2
Static task: static1
Behavioral task: behavioral1
Sample: DBS-6700H.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DBS-6700H.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
azorult
http://waterchem.com.tr/css/Panel/index.php
Targets
Target: DBS-6700H.exe
Size: 293KB
MD5: 5abb6d53b7598faa6d7642d44bde0a49
SHA1: 32c06b8fdbc2380441a5adba40bb933f045a1da5
SHA256: 766195863e4ab2ce2b2b2b61018fdd5409a4da51ca7fe0c392ae442f39631780
SHA512: 431e7b10c8f45b91068bae3f5df48aedea48aef2fbacc3d001ff3886682bbf5a2a8b7cdd9bb8286cf5bd5dde6eaa049e27336177adfb6304d888dec39e315a5c
Score: 10/10
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Uses the VBS compiler for execution

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext