General

  • Target

    1688809445418496e2cd397e2.datdecoded

  • Size

    112KB

  • Sample

    230709-tctaqaea65

  • MD5

    1b0a8133cbc53ad132c5b70643509048

  • SHA1

    8cfcf6aaca6f095771e80f03ed8dedf95bdef22e

  • SHA256

    7897cbf57b2a25446cedc1995c9950478a2c371c99ef87a0c82c7544742925f8

  • SHA512

    e63bc2b33543558511494f9362d22cd1ba9027c2d9f382176445884e12103b079c33ce34310c449d0290a5590c39ddbec2603b5c471e5cdeb80133d7a34224eb

  • SSDEEP

    3072:tuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SpyEY3E/txg/:Zzx7ZApszolIo7lf/ipT/t

Malware Config

Extracted

Family

azorult

C2

http://46.183.221.76/rothschild/Panel/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6