General
-
Target
SecuriteInfo.com.Trojan.PackedNET.1268.17112.6529
-
Size
149KB
-
Sample
220922-rh3p8sfdfn
-
MD5
889a5378723c2e9cae3e1f6fa311cf97
-
SHA1
0b6fe411b6ee2ea8e3a6c55d4340cc878c16acaf
-
SHA256
134488a4700a7deda589f0015dbd0c23a0cebd5b0a47d02c77cab3e8d4d0578b
-
SHA512
62ef718abc123e91798ea896e659fcd9380a60545cae845236a3ac9e08cfcc1762643d30758f2e0e821f60e252ff29d19cd0432bbb6a8e7ccdbb0a4570cb9e90
-
SSDEEP
3072:xDHXWDC5+OxWlCxcW4XHHAItj5MvuOFemKAHm:9gC5V0lJX/iFemG
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PackedNET.1268.17112.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PackedNET.1268.17112.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
azorult
http://gwinaz.pro/PL341/index.php
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.1268.17112.6529
-
Size
149KB
-
MD5
889a5378723c2e9cae3e1f6fa311cf97
-
SHA1
0b6fe411b6ee2ea8e3a6c55d4340cc878c16acaf
-
SHA256
134488a4700a7deda589f0015dbd0c23a0cebd5b0a47d02c77cab3e8d4d0578b
-
SHA512
62ef718abc123e91798ea896e659fcd9380a60545cae845236a3ac9e08cfcc1762643d30758f2e0e821f60e252ff29d19cd0432bbb6a8e7ccdbb0a4570cb9e90
-
SSDEEP
3072:xDHXWDC5+OxWlCxcW4XHHAItj5MvuOFemKAHm:9gC5V0lJX/iFemG
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-