General
- Target: baf9ca75d335e33b6bc63ffe2f7149d9.exe
- Size: 205KB
- Sample: 230327-elnz2abe83
- MD5: baf9ca75d335e33b6bc63ffe2f7149d9
- SHA1: 3e4c29a668ab5db7a2e3fc3ed0d7cce90cd3111c
- SHA256: 2a3b9417a90179a848e9dd0cb628bc88042d284505901f092aa77a360c09e405
- SHA512: d19c94cef3e5c5afe23b4336d05bb1195d9bd1f6bbe3d541b352d6dd19b1b3162b87c2ecfac70d35612689da23beb83f58c0c9befc9be275e8778b4a9e876b2a
- SSDEEP: 3072:2fY/TU9fE9PEtu4TSkvVcbloANFF8WA1LBLoNFhqdxG3ZIPFpVDCWh8Y6N3+j5jX:gYa6oBAloAipdoj1pYxedG56bb6RT
Static task: static1
Behavioral task: behavioral1
  Sample: baf9ca75d335e33b6bc63ffe2f7149d9.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: baf9ca75d335e33b6bc63ffe2f7149d9.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: azorult
  http://85.31.45.29/Godblessings/index.php
Targets
- Target: baf9ca75d335e33b6bc63ffe2f7149d9.exe
- Size: 205KB
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext