General
-
Target
25906325a3f4353a5f08e44a207ecab4d530a3086ae0bc201024c66007900da8
-
Size
1.2MB
-
Sample
220611-xcen4sgbe3
-
MD5
6a9104f52c0aee59338bacc65920e9bd
-
SHA1
c7e15052e1a6215ca4bd40e0aef45545388a5cbe
-
SHA256
25906325a3f4353a5f08e44a207ecab4d530a3086ae0bc201024c66007900da8
-
SHA512
224bc8d3a9e42e6d17ecef1980a311933aeaa719d33bb93821ce0093e38649327c3f8ac1e63f6bebc6fc03c2b6e9dcbc5bf48b5220336cca9fa406f2a96cb81a
Static task
static1
Behavioral task
behavioral1
Sample
25906325a3f4353a5f08e44a207ecab4d530a3086ae0bc201024c66007900da8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
25906325a3f4353a5f08e44a207ecab4d530a3086ae0bc201024c66007900da8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://azor.pw/171e6.php
Targets
-
-
Target
25906325a3f4353a5f08e44a207ecab4d530a3086ae0bc201024c66007900da8
Score 10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-