General
Target: Po Specification.exe
Size: 2.2MB
Sample: 230411-kywhjabe37
MD5: 13cbb50ab7baa55f69e537e17693105b
SHA1: 9ab981e270944fafc2fca0e29579b6833fa9c17b
SHA256: 2a65a7afa9a6340082fab362bcf95ddb3c18639069abca6f7b05e9dea9d00a22
SHA512: 4a07dbda2861f9302e13a9dd7838d3fb9fa136722e1f76354bb0da6a8e16ee239b7bb107b10d46cd5ffef0f73530b84fd4d3d02232d7ddf1e2b4f38156620482
SSDEEP: 24576:kP2QIkaJcTdtNNAZ+iZ23d8h6vS8ToyL5zCmFiMtpCS4sj2NtELmMCnnPCYCT011:G2QIXJcxViiiJmfEbELnxr
Static task: static1

Behavioral task: behavioral1
Sample: Po Specification.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Po Specification.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted family: azorult
C2 URL: http://171.22.30.147/abbey/index.php
Targets
Target: Po Specification.exe
Signatures:
- Azorult: an information stealer first discovered in 2016, targeting browsing history and passwords.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext