General
-
Target
daf8cd6f6c9c7973e5a877510d38b7f71ed45fd41b408ee341e42281cf7419b1.exe
-
Size
557KB
-
Sample
220521-yh1n7sgcdk
-
MD5
2227ba6c19380fe252954a4d7ec54bd9
-
SHA1
55356c81d4ee84110ac352f91d4771761bc3b71e
-
SHA256
daf8cd6f6c9c7973e5a877510d38b7f71ed45fd41b408ee341e42281cf7419b1
-
SHA512
5477621ba7f93a6d02da12f6c620ebc6440a7ff025fb3992f92242990bdb65de898b2eaa691101b2a26d0cf9f72fc5217c11c5700c678d1599a0a6e43677a290
Static task
static1
Behavioral task
behavioral1
Sample
daf8cd6f6c9c7973e5a877510d38b7f71ed45fd41b408ee341e42281cf7419b1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
daf8cd6f6c9c7973e5a877510d38b7f71ed45fd41b408ee341e42281cf7419b1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://5gw4d.xyz/PL341/index.php
Targets
-
-
Target
daf8cd6f6c9c7973e5a877510d38b7f71ed45fd41b408ee341e42281cf7419b1.exe
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M15
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-