General
-
Target
270ccfd9fa5927e0dd36355f13d51ea5af5fe643c3cf22f374ca60ce6a73b7a5
-
Size
552KB
-
Sample
220616-gxshpsefcn
-
MD5
88cab3e01e7d2274dd56a8d4b605cafb
-
SHA1
d78df20a64aecb448521975d88360e5c9392cf2c
-
SHA256
270ccfd9fa5927e0dd36355f13d51ea5af5fe643c3cf22f374ca60ce6a73b7a5
-
SHA512
01ad52674350a68c461f284912a654514ca28fbf77cf1d99711e0df38e571fbca3d186f7ae0cfcf62fca135a09af6ecec481df014702605d07a8a542e39578d0
Static task
static1
Behavioral task
behavioral1
Sample
270ccfd9fa5927e0dd36355f13d51ea5af5fe643c3cf22f374ca60ce6a73b7a5.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
270ccfd9fa5927e0dd36355f13d51ea5af5fe643c3cf22f374ca60ce6a73b7a5.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://cupononline.pk/index.php
Targets
Target
270ccfd9fa5927e0dd36355f13d51ea5af5fe643c3cf22f374ca60ce6a73b7a5
-
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-