General
-
Target
PO CBV87654469.exe
-
Size
428KB
-
Sample
220929-za94cabhf3
-
MD5
c6152a34c16494d6e75c276de8d76827
-
SHA1
4e75fb1f68ae10b98e432c443d740229c370453f
-
SHA256
d92c973ecc0a47bbb7d56fdec3471e90a88b49406b27b743f3f01433b0163ca8
-
SHA512
0a2accb3101a3a91babeb526f69e77865b25b01d2be0b19776f1663ac0f7cccf5611acebddecfc495dcfd8948a813a799fd4b5d2c6cfba836acce70fab6a0ab5
-
SSDEEP
6144:uTouKrWBEu3/Z2lpGDHU3ykJFqNbi/PRNU2Pg1++F8lTx4DN/Y8FyT+:uToPWBv/cpGrU3ywumk6g1bZDNw8Fyq
Static task
static1
Behavioral task
behavioral1
Sample
PO CBV87654469.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
PO CBV87654469.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
PO CBV87654469.exe
-
Size
428KB
-
MD5
c6152a34c16494d6e75c276de8d76827
-
SHA1
4e75fb1f68ae10b98e432c443d740229c370453f
-
SHA256
d92c973ecc0a47bbb7d56fdec3471e90a88b49406b27b743f3f01433b0163ca8
-
SHA512
0a2accb3101a3a91babeb526f69e77865b25b01d2be0b19776f1663ac0f7cccf5611acebddecfc495dcfd8948a813a799fd4b5d2c6cfba836acce70fab6a0ab5
-
SSDEEP
6144:uTouKrWBEu3/Z2lpGDHU3ykJFqNbi/PRNU2Pg1++F8lTx4DN/Y8FyT+:uToPWBv/cpGrU3ywumk6g1bZDNw8Fyq
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-