General
-
Target
43c25e49864f20e8c6497dcaa1521549cf9f569ced9399a9399cbafddf545bdf.zip
-
Size
124KB
-
Sample
221004-xcghpscben
-
MD5
9741b0c8233931311f50acb10def175c
-
SHA1
bbde8dcd3b9b4c802eaf0bde0f28701806937e58
-
SHA256
87a064546e0ffb283c6c5c5380c310a806cf21d60b9ef53dece98746813fe287
-
SHA512
d8a094d06bae4212409642720d8a9d8e8868d5da1b858e0c1a47be3fc4a2ae67c27206fded8f31736c2d3f69184d2a43b393fff2e6ce0f39c1de2b931045f4c7
-
SSDEEP
3072:UD2ZZLDK6H5NxVS75pF/YAV6+njiINTaQAJ8my/fy:I2Zw6ZNxVSHF/YitnjixP66
Malware Config
Extracted
azorult
http://ble3ds2.shop/PL341/index.php
Targets
-
-
Target
43c25e49864f20e8c6497dcaa1521549cf9f569ced9399a9399cbafddf545bdf
-
Size
161KB
-
MD5
5974a2ddd27259a3fb55a721b154158f
-
SHA1
c30382698912105f2e3bc8fb049fcb61195c1ea8
-
SHA256
43c25e49864f20e8c6497dcaa1521549cf9f569ced9399a9399cbafddf545bdf
-
SHA512
2db498b103b00eb8a3e8552ce80e75b17e6c628a884a77731cef68574f630c7103856a1682a262db15e9d6e2fb7b4f326c05ab775ef8e2c7e053022c34ffa7d5
-
SSDEEP
3072:wJ00VQHcZJ2SDbxfD8tu1LFrnIGJ5kEHNJHnXB947h+R9qILTFRNquyBXq:xe8cZJ3B8tu1pDI27N5ReAR9qILTF
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-