General
-
Target
252399168184867c61d57702943c93d1b6870f6c820b5f442672cca9394eb6eb
-
Size
1.7MB
-
Sample
220701-g6nwwafgdk
-
MD5
173f86e01ac24f62a609382cd0789876
-
SHA1
432950d3edeee04f5ee16cfd876d97ac67012e25
-
SHA256
252399168184867c61d57702943c93d1b6870f6c820b5f442672cca9394eb6eb
-
SHA512
58ff367d60e7a412ec1335d8851818b4c2de2e22640bc481be6683955b1c55be740a5b0cad812d5330d2943e41a9aa4f647e2bc0233233a51655bc400eeea89b
Static task
static1
Behavioral task
behavioral1
Sample
252399168184867c61d57702943c93d1b6870f6c820b5f442672cca9394eb6eb.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
252399168184867c61d57702943c93d1b6870f6c820b5f442672cca9394eb6eb.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://duglazo.info/index.php
Targets
-
-
Target
252399168184867c61d57702943c93d1b6870f6c820b5f442672cca9394eb6eb
-
Size
1.7MB
-
MD5
173f86e01ac24f62a609382cd0789876
-
SHA1
432950d3edeee04f5ee16cfd876d97ac67012e25
-
SHA256
252399168184867c61d57702943c93d1b6870f6c820b5f442672cca9394eb6eb
-
SHA512
58ff367d60e7a412ec1335d8851818b4c2de2e22640bc481be6683955b1c55be740a5b0cad812d5330d2943e41a9aa4f647e2bc0233233a51655bc400eeea89b
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-