Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PURCHASE ORDER.exe
-
Size
158KB
-
Sample
230323-sa124sac9s
-
MD5
ce84573aa1706cc43cc2fea8a1c98447
-
SHA1
71af640bba2e156311b277f62faa49af184a864b
-
SHA256
4be5fa9ac61777638bf7550de77fffee6aa150b0e5c55612753f5fe3d931d885
-
SHA512
e0bb1ab721099aec4ff92c550460e94cc8ef9662a2f44ac977f793bd5d8633b0969ae5c502b2f8dcffb1710f55e63672709a4cab2d4e86a530ed70209bb17aa1
-
SSDEEP
3072:Gc+LTYERpkurjMNT8dG8LiykZrFMM/j0dRDaUmwb:kLTYm3XsGG8uykxjsDaUmw
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PURCHASE ORDER.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
azorult
http://34.217.22.124/index.php
Targets
-
-
Target
PURCHASE ORDER.exe
-
Size
158KB
-
MD5
ce84573aa1706cc43cc2fea8a1c98447
-
SHA1
71af640bba2e156311b277f62faa49af184a864b
-
SHA256
4be5fa9ac61777638bf7550de77fffee6aa150b0e5c55612753f5fe3d931d885
-
SHA512
e0bb1ab721099aec4ff92c550460e94cc8ef9662a2f44ac977f793bd5d8633b0969ae5c502b2f8dcffb1710f55e63672709a4cab2d4e86a530ed70209bb17aa1
-
SSDEEP
3072:Gc+LTYERpkurjMNT8dG8LiykZrFMM/j0dRDaUmwb:kLTYm3XsGG8uykxjsDaUmw
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-