General
Target: AZScan0871pdf.vbs
Size: 2KB
Sample: 220913-pwrh1sffb2
MD5: d76839cf5c55a204827148a0e5ecd68e
SHA1: 926b79817a4f02e2f5eb7f948dc0a73f8ef764e6
SHA256: 2634e559a8907c6111964e180fdeb468f73bd3989959d0affed0cb9582842831
SHA512: 776bdafa7dbf17b2780cf5a7d25070a0e3e5884d9e3f11817f15013e2819909ad4d6e58e02629f8d1b909bbb81e24c5309058a366eb4e3a4b37e551eef7f9787
Static task: static1

Behavioral task: behavioral1
Sample: AZScan0871pdf.vbs
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: AZScan0871pdf.vbs
Resource: win10v2004-20220901-en
Malware Config
Extracted
azorult
http://185.29.9.47/aristo/Panel/index.php
Targets
Score: 10/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext