General
-
Target
??????????? ??????????????.exe
-
Size
234KB
-
Sample
230405-hqtymacc52
-
MD5
38d378ff52ea3dba53a07eee3ed769c7
-
SHA1
94181ebcbe353d496701681b6bd03e06c1c63751
-
SHA256
0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4
-
SHA512
ab096595c92f3bca5659b2156e3daed47f70dd8ab3ddff1506ff164a50fa4d15f2503776d43633056ebcb569255295f8f7af53a031f552da1a3f73d017c105cc
-
SSDEEP
6144:gYa6oBsctoZqfq4S4JV2p9wubvEjRTsObhUXLbPp:gYxcCZqHp2prEVs+C7F
Static task
static1
Behavioral task
behavioral1
Sample
??????????? ??????????????.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
??????????? ??????????????.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
azorult
http://141.98.6.162/office/index.php
Targets
-
-
Target
??????????? ??????????????.exe
-
Size
234KB
-
MD5
38d378ff52ea3dba53a07eee3ed769c7
-
SHA1
94181ebcbe353d496701681b6bd03e06c1c63751
-
SHA256
0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4
-
SHA512
ab096595c92f3bca5659b2156e3daed47f70dd8ab3ddff1506ff164a50fa4d15f2503776d43633056ebcb569255295f8f7af53a031f552da1a3f73d017c105cc
-
SSDEEP
6144:gYa6oBsctoZqfq4S4JV2p9wubvEjRTsObhUXLbPp:gYxcCZqHp2prEVs+C7F
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-