General
- Target: FATURA.exe
- Size: 179KB
- Sample: 230713-gqn7psfe26
- MD5: 09f2520a8c1903fb6945c77ae9cfb897
- SHA1: e91edcae0b19fe3ac3e248d633a2ab431c3bf88e
- SHA256: 863da396800cfdb42428375c45dce9778798ec4669420f00561b8654aa25ee09
- SHA512: 60b9177ca4c1374cc8ff8d239c18d4d8edd9a5e9798fd2f299ec0d77551cf299cf357e6f6f7ecd78c6e313d8312adc2e214d7c4fe1ff82bb48bd7a2e02bdb7ae
- SSDEEP: 3072:ANzPHk9MpcWbNUrS7zDvwhTCobzFrU5lT+7oGMXdXHhF5VrZzveMA6RaBfv4A/Ss:AhRDNGOzzfIF4DiEGMX1HhF5VrlveBDL
Static task
- static1
Behavioral task
- behavioral1: Sample FATURA.exe, Resource win7-20230712-en
- behavioral2: Sample FATURA.exe, Resource win10v2004-20230703-en
Malware Config
Extracted
- Family: azorult
- C2: http://mcoaz.shop/DXO341/index.php
Targets
- Target: FATURA.exe
- Size: 179KB
- MD5: 09f2520a8c1903fb6945c77ae9cfb897
- SHA1: e91edcae0b19fe3ac3e248d633a2ab431c3bf88e
- SHA256: 863da396800cfdb42428375c45dce9778798ec4669420f00561b8654aa25ee09
- SHA512: 60b9177ca4c1374cc8ff8d239c18d4d8edd9a5e9798fd2f299ec0d77551cf299cf357e6f6f7ecd78c6e313d8312adc2e214d7c4fe1ff82bb48bd7a2e02bdb7ae
- SSDEEP: 3072:ANzPHk9MpcWbNUrS7zDvwhTCobzFrU5lT+7oGMXdXHhF5VrZzveMA6RaBfv4A/Ss:AhRDNGOzzfIF4DiEGMX1HhF5VrlveBDL
Signatures
- Azorult: an information stealer first discovered in 2016, targeting browsing history and passwords.
- Checks QEMU agent file: checks for the presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext