General
-
Target
a8067b03ec32dc5f5a21cb6db6cb8beba43aa0e3fb7070d5eadd75599ef37856
-
Size
1.2MB
-
Sample
220701-r5yd2aggbn
-
MD5
71a0d311da42dbf96308658924ae3533
-
SHA1
98c3ea72b6187400b04376d57e46754c74307006
-
SHA256
a8067b03ec32dc5f5a21cb6db6cb8beba43aa0e3fb7070d5eadd75599ef37856
-
SHA512
7c01a3049335a7f21328b7c316a2fc1f2bdb84d38c902beafd28a81358591da661735090a815ab109b806d6a5f11fda02f06cc6c33c95e592533fcc513d1fd97
Static task
static1
Behavioral task
behavioral1
Sample
ATTACHEM.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ATTACHEM.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://lawantumorotak.com/img/index.php
Targets
-
-
Target
ATTACHEM.EXE
-
Size
529KB
-
MD5
84a9e3f3782f6c6e8a8d53ea4822bce7
-
SHA1
fdf97e6f3455ebd935e56da73c7a181f4ffe0212
-
SHA256
38a689e3cfe024cf53d07e3f6830da32c836c4c06c96478fda9a36e22d540a9c
-
SHA512
288e884e274ad365d75334e59a8e97839f608525f7af7854c69c5e0c6665157aec3b4b4034e6c4f7e8338191a72f0df1865f3d248aea14ff2f6474c97d0fef42
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-