General
-
Target
55d6cf850bc8e1f91d1d5b0905eed004df00da757e7ffc80fead608ff18f1e69.exe
-
Size
1.7MB
-
Sample
220521-yh3hssdba8
-
MD5
10fa511e7a230d443c6bbc008ebdf1c7
-
SHA1
976e29b1b050a70448ea23976deb8b7f24594e36
-
SHA256
55d6cf850bc8e1f91d1d5b0905eed004df00da757e7ffc80fead608ff18f1e69
-
SHA512
4a2a854bcdcab4ef0fef9cf33814d9dd08f72444079ae29b3228f631e7520ac2a570b1da20c5f76ab2cc4ad88b8073f98a12e27820a3d2f0d559d3606ba5c395
Malware Config
Extracted
azorult
http://bl1we4t.xyz/index.php
Targets
-
-
Target
55d6cf850bc8e1f91d1d5b0905eed004df00da757e7ffc80fead608ff18f1e69.exe
-
Size
1.7MB
-
MD5
10fa511e7a230d443c6bbc008ebdf1c7
-
SHA1
976e29b1b050a70448ea23976deb8b7f24594e36
-
SHA256
55d6cf850bc8e1f91d1d5b0905eed004df00da757e7ffc80fead608ff18f1e69
-
SHA512
4a2a854bcdcab4ef0fef9cf33814d9dd08f72444079ae29b3228f631e7520ac2a570b1da20c5f76ab2cc4ad88b8073f98a12e27820a3d2f0d559d3606ba5c395
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-