General
-
Target
69773ff9cddbe895d0c1a7c381e15d81.bin
-
Size
1.9MB
-
Sample
230627-by5lrscf89
-
MD5
27c97e68b6c392717944c9a7f25ed1e8
-
SHA1
b87edd33ee138156fa016d71462d50ea9fb0c480
-
SHA256
7c0602f54e0f2a3dac79b6fe48a83cfc6f0d254c7234ac63fdd43a39c9940441
-
SHA512
11a60c272a5a412ad5443322a3ccc6d7daf338bb75a87a3f7c7c6a8cc13a05062e5cd079bc6c10b424abe5ca2083ed73d78b5e302c6685e071eae553ca57e24a
-
SSDEEP
49152:d4YKPRLEhGa34hu6nSgXZE8zj0cCl6n5Z6D+VGz/kAen5tyUMp0bz:dV0ir1gXqncm6nfx1nm2
Static task
static1
Behavioral task
behavioral1
Sample
fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Targets
Target
fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505.exe
-
Size
2.0MB
-
MD5
69773ff9cddbe895d0c1a7c381e15d81
-
SHA1
15a2796b6b77bd1f03eb0a30cfeb7e3c2f0a0631
-
SHA256
fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505
-
SHA512
550f9e02a7f1a1dc3734ba0d86940c2b298cee5890801aeba4f738bb306cdc717a6ecad34e2ebd2c3ac1b0151f2acae7131388f999a30ab9b914c3707a35544e
-
SSDEEP
49152:NZVlrVqLTyYBYTKiJHZ+guvLN09WIfw8eZrjwMmPK:7hIGKiJk7LN09WKOdMMmy
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-