General
-
Target
ödeme kopyası,pdf.exe
-
Size
154KB
-
Sample
220924-jnqc4aagc2
-
MD5
e1e331cdb2d951e673a0e6e0d7d75634
-
SHA1
1a8f01c6d20026b6f582d0ed0c691f975763b051
-
SHA256
eea2a192c80e6d01051766e7f06213f6870d45c4be44f47ba09f7ef51e1581f1
-
SHA512
2b71c1188e872269ff7af112722a2a987d678d90ccd2f9e9fd03092ac9fbf4e65a56806fcdd8a1ba19a3acee36b373292b7bf6699439226b002e0fb3ca866400
-
SSDEEP
3072:b74ik4nYIGVIT2a4enK2GraJuQ5WJqRcM3NkhNLSuFqxEYyg:ImnQISa4CKpaJuQ5W0Z3NkhxFq
Malware Config
Extracted
azorult
http://blsrs.shop/PL341/index.php
Targets
-
-
Target
ödeme kopyası,pdf.exe
-
Size
154KB
-
MD5
e1e331cdb2d951e673a0e6e0d7d75634
-
SHA1
1a8f01c6d20026b6f582d0ed0c691f975763b051
-
SHA256
eea2a192c80e6d01051766e7f06213f6870d45c4be44f47ba09f7ef51e1581f1
-
SHA512
2b71c1188e872269ff7af112722a2a987d678d90ccd2f9e9fd03092ac9fbf4e65a56806fcdd8a1ba19a3acee36b373292b7bf6699439226b002e0fb3ca866400
-
SSDEEP
3072:b74ik4nYIGVIT2a4enK2GraJuQ5WJqRcM3NkhNLSuFqxEYyg:ImnQISa4CKpaJuQ5W0Z3NkhxFq
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-