azorult | 168881016553511b44114cc09[.]exe | Triage

Sharing

General

Target

168881016553511b44114cc09.exe
Size

112KB
MD5

ca227cb49f755313d11a18900c170e9b
SHA1

6f52fe8aac7013d4bad88bac3f4bdc41460eb734
SHA256

c157531bb4d14cd35fc3ffe2a62fdd292f8e16566c663dcfbf083d75c4a94773
SHA512

74dcee3656e53c278ba1e0579f2688da9ff0d773543fb6026a337fa179294d46f6929abc4c3b25f79929fcb532ef4cf775dd10fcb0714c5637d40c50ccca042e
SSDEEP

3072:tuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SpyEY3E/Oxg/:Zzx7ZApszolIo7lf/ipT/O

Score

10^/10

azorult

Malware Config

Extracted

Family

azorult

C2

http://185.29.8.42/bagwell/Panel/index.php

Signatures

Azorult family
azorult

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
168881016553511b44114cc09.exe

Files

168881016553511b44114cc09.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ