General
- Target: LC-2257ITVA230619.exe
- Size: 726KB
- Sample: 230620-g8cavsbf2v
- MD5: 697a99e700479786e84a0b8e0193fa35
- SHA1: 94a40beca2fcd5cfad2bab9c8ba3b5da3eda4968
- SHA256: 430040057985d6ebb9f1582f2b3dc27c8b91ab1109d7e87ebbbc09231cad6d86
- SHA512: 45c9baadfdb23be2e017237ec092350a6a2d2130704cb100f63771ac745fd08da366ac1e8df2e9b2446beffce3c4b617a8ba4762c0a30df8cddf479cf0e1e525
- SSDEEP: 12288:gMwRSpbONq9DIcsOub0zIPefHjhT5g3lyHKSE8polAF6ekcyyyGGZYnFzLV:gMwRSpbONsnsDoI+1G4HKWpoaFKcqJGv
Static task: static1
Behavioral task: behavioral1
- Sample: LC-2257ITVA230619.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: LC-2257ITVA230619.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: azorult
- http://dou3ble.shop/Dbl3/index.php
Targets
- Target: LC-2257ITVA230619.exe
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext