General
-
Target
Einkaufsangebot CVE6535.exe
-
Size
611KB
-
Sample
221005-kbvmqadga7
-
MD5
a6518b17fc95da854411bd7aad66b086
-
SHA1
cce92811b63765fe200a25e198c779f44a4fe3fa
-
SHA256
e2be18a1837126e8b30cebe2e5db877405b7b7b3a5c81f47a6158f029cd5e534
-
SHA512
dfa5380c236918a157da9d62fe8b0ed2dd62056af246c2985f0d03f52469bdd268d3c2da54643280697d6f06e6ef5bf1baae63dbc4822e75ffa8467f31d60d4e
-
SSDEEP
12288:z9s5ELXBIyM65vIzO1ReDP9GHo8yHNz4BqsADYsiN:B+usSgzgI9tExAYtN
Malware Config
Extracted
azorult
http://141.98.6.75/dike/index.php
Targets
-
-
Target
Einkaufsangebot CVE6535.exe
-
Size
611KB
-
MD5
a6518b17fc95da854411bd7aad66b086
-
SHA1
cce92811b63765fe200a25e198c779f44a4fe3fa
-
SHA256
e2be18a1837126e8b30cebe2e5db877405b7b7b3a5c81f47a6158f029cd5e534
-
SHA512
dfa5380c236918a157da9d62fe8b0ed2dd62056af246c2985f0d03f52469bdd268d3c2da54643280697d6f06e6ef5bf1baae63dbc4822e75ffa8467f31d60d4e
-
SSDEEP
12288:z9s5ELXBIyM65vIzO1ReDP9GHo8yHNz4BqsADYsiN:B+usSgzgI9tExAYtN
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-