General
-
Target
87ae3c39a94818fda4f66ddaa98898dfa3bd10190099e6129cb174d1f480eefc
-
Size
1.2MB
-
Sample
220701-r6sj6sadc6
-
MD5
3bcc3b3035993fbd946ac1f61b9128e8
-
SHA1
0fde7bf38d94d1c6df988cd99bc66a200a4d183f
-
SHA256
87ae3c39a94818fda4f66ddaa98898dfa3bd10190099e6129cb174d1f480eefc
-
SHA512
f2968b993deba8a236fb5c8b6af9c49e02aa16163997842942d01c0ca0737de30e526cdf4f7a0e4a91902a5a2a86cc989bff352cb3768ff09179c5d68f567792
Static task
static1
Behavioral task
behavioral1
Sample
ATTACHME.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ATTACHME.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
azorult
http://rodamedd.com/css/index.php
Targets
-
Target
ATTACHME.EXE
-
Size
531KB
-
MD5
33d65b07d476356bdcda270163594db1
-
SHA1
e7a3bc423f07c5415e2ec8282e00c04eaa2cb008
-
SHA256
27efbe2e224af5538663051c9a5183bddf283ab5ae5e3207cfb876f9c9445c0f
-
SHA512
11e19f6475ec236d54ab2ad1bc982eaa4497001436ad47d8057ad6c08b4c0fc4690fe7418cbe71d7e74dc928384346cecec25fd21ce71b9d3f0643406fae65b7
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext