General

  • Target

    5464a288f4ddbd6c185eef50062bb13766c6a5a42df9fbfadb5b89c0614d7dd7

  • Size

    693KB

  • Sample

    220725-x54tpsbge3

  • MD5

    d454eef9e1a734630728493601411c94

  • SHA1

    78f347e96ae2e97b21d9ef362a74ca9d2480a727

  • SHA256

    5464a288f4ddbd6c185eef50062bb13766c6a5a42df9fbfadb5b89c0614d7dd7

  • SHA512

    2d468bc96de85d4c022c318bdb1278d1d6d1c900b5768b4aca8dd20cefd6a026501898599b4851dbc2ec28b526d9b54ed0fe17c23cafa720bfefdc846861f069

Malware Config

  • Extracted

  • Family

    azorult

  • C2

    http://projectkanor.bit/az/index.php

Targets

    • Target

      5464a288f4ddbd6c185eef50062bb13766c6a5a42df9fbfadb5b89c0614d7dd7

    • Size

      693KB

    • MD5

      d454eef9e1a734630728493601411c94

    • SHA1

      78f347e96ae2e97b21d9ef362a74ca9d2480a727

    • SHA256

      5464a288f4ddbd6c185eef50062bb13766c6a5a42df9fbfadb5b89c0614d7dd7

    • SHA512

      2d468bc96de85d4c022c318bdb1278d1d6d1c900b5768b4aca8dd20cefd6a026501898599b4851dbc2ec28b526d9b54ed0fe17c23cafa720bfefdc846861f069

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks