General
-
Target
AZ_Scan_87291_pdf.js
-
Size
1KB
-
Sample
220915-py23jaggfq
-
MD5
1f60eb182eb8e331cf7631a3a8c3080e
-
SHA1
6a0fc5ddc3490f6628674605cb70b8e6178929d9
-
SHA256
b16ff5477ed1e60e82a495a3b7cbe42371243670be0250f3f05d49a6ea37a4d3
-
SHA512
242597d3662454364a776588356cc1e796e050b6770414ac045b8574602a78f71e1755ee4d0b20530dbfabf28b007b6a751c738aa36d7b3928794797307d6c89
Static task
static1
Behavioral task
behavioral1
Sample
AZ_Scan_87291_pdf.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
AZ_Scan_87291_pdf.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
azorult
http://185.29.9.47/aristo/Panel/index.php
Targets
-
-
Target
AZ_Scan_87291_pdf.js
-
Size
1KB
-
MD5
1f60eb182eb8e331cf7631a3a8c3080e
-
SHA1
6a0fc5ddc3490f6628674605cb70b8e6178929d9
-
SHA256
b16ff5477ed1e60e82a495a3b7cbe42371243670be0250f3f05d49a6ea37a4d3
-
SHA512
242597d3662454364a776588356cc1e796e050b6770414ac045b8574602a78f71e1755ee4d0b20530dbfabf28b007b6a751c738aa36d7b3928794797307d6c89
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-