General
-
Target
SecuriteInfo.com.Variant.Lazy.255475.29448.17667.exe
-
Size
202KB
-
Sample
221019-wr2azsbebj
-
MD5
1ab2f904a7f8e509c033f4a2cabe1db7
-
SHA1
fd6617e944cc54eddc2a1431e2c46e44ff75c56a
-
SHA256
a3a588b7260264b1850f13ffd1e1d7eb390666a16907bbb45e0958ad0caadb72
-
SHA512
e7aac3fd4c928381f87b91d7162321bd9392dc9346c1004b2c8df22602f21d28bc7f7971669467bfdaf28fd75b6fe1d429c6349cb8d0109dc6cb8ce9f6de6dce
-
SSDEEP
3072:n6f065+tl8PteWa50X714vwtW44XX6AM53TSoH86CCNH0/2jMujgfPYF4SSojq2m:A0xkvef6C2U/2afg9jBnq
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Lazy.255475.29448.17667.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Variant.Lazy.255475.29448.17667.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
azorult
http://blxyz1.shop/blxyz1/index.php
Targets
-
-
Target
SecuriteInfo.com.Variant.Lazy.255475.29448.17667.exe
-
Size
202KB
-
MD5
1ab2f904a7f8e509c033f4a2cabe1db7
-
SHA1
fd6617e944cc54eddc2a1431e2c46e44ff75c56a
-
SHA256
a3a588b7260264b1850f13ffd1e1d7eb390666a16907bbb45e0958ad0caadb72
-
SHA512
e7aac3fd4c928381f87b91d7162321bd9392dc9346c1004b2c8df22602f21d28bc7f7971669467bfdaf28fd75b6fe1d429c6349cb8d0109dc6cb8ce9f6de6dce
-
SSDEEP
3072:n6f065+tl8PteWa50X714vwtW44XX6AM53TSoH86CCNH0/2jMujgfPYF4SSojq2m:A0xkvef6C2U/2afg9jBnq
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-