General
-
Target
sARR.exe
-
Size
468KB
-
Sample
220602-c7n6tagcgn
-
MD5
f55ff262aad78272a4c489284e7bc40e
-
SHA1
032bff6af37318e56016baa4d3b317d332eb5812
-
SHA256
6f42aa014eb22272fdd4f8e1e0cb5e30f934b54232547d816efec00d76f0d377
-
SHA512
5bfb088e10e10385af9e8dee9eaaf4834d341e86276bff328e564aece768ce69b2e738073c78e2a1bfef05a73298f216c0b15a582b5ac39fc6d4f51d0e601f08
Static task
static1
Behavioral task
behavioral1
Sample
sARR.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sARR.exe
Resource
win10-20220414-en
Malware Config
Extracted
azorult
http://194.31.98.112/index.php
Targets
-
-
Target
sARR.exe
-
Size
468KB
-
MD5
f55ff262aad78272a4c489284e7bc40e
-
SHA1
032bff6af37318e56016baa4d3b317d332eb5812
-
SHA256
6f42aa014eb22272fdd4f8e1e0cb5e30f934b54232547d816efec00d76f0d377
-
SHA512
5bfb088e10e10385af9e8dee9eaaf4834d341e86276bff328e564aece768ce69b2e738073c78e2a1bfef05a73298f216c0b15a582b5ac39fc6d4f51d0e601f08
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE AZORult Variant.4 Checkin M2
suricata: ET MALWARE AZORult Variant.4 Checkin M2
-
suricata: ET MALWARE AZORult v3.2 Server Response M3
suricata: ET MALWARE AZORult v3.2 Server Response M3
-
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M16
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M16
-
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-