General
Target
d495dd207946570ab08c5db0ecd28ca1fdff588b63580e8273fc2450a56ec6e8
Size
1.3MB
Sample
220731-ke3shagcf6
MD5
0c55a6f232fd0670a66eb1eec42efe22
SHA1
d81f3a175c9e49bc9d5333cf9462065ff50c4c29
SHA256
d495dd207946570ab08c5db0ecd28ca1fdff588b63580e8273fc2450a56ec6e8
SHA512
75e7f455a1a943e324a30ae75f7788d98ea870480464ff7fc0d100336dafd5d0eec067e6b5c59b18ddf80cb46e3b7f068e9157d5974419f2444f6df878f6a318
Static task
static1
Behavioral task
behavioral1
Sample
d495dd207946570ab08c5db0ecd28ca1fdff588b63580e8273fc2450a56ec6e8.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
d495dd207946570ab08c5db0ecd28ca1fdff588b63580e8273fc2450a56ec6e8.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
azorult
http://performancehaelth.com/okoye/32/index.php
Targets
Target
d495dd207946570ab08c5db0ecd28ca1fdff588b63580e8273fc2450a56ec6e8
Score
10/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Uses the VBS compiler for execution

Adds Run key to start application

Suspicious use of SetThreadContext