General
Target: ekstre.exe
Size: 432KB
Sample: 230918-db6awshb32
MD5: 199b0efae75612c7b630ecad45837e26
SHA1: fd6eeeb7e3273e673f331732fdfbbad10f22dbbd
SHA256: d9457e8058d8950ba97a8a57c3f7771c0093d72600bf5e9e1f085e4d3b497e7c
SHA512: 38b9b7fea2938c442ecbd2b8e8cc1afcacb964add008c9fa7497494c1875dfa3390ff56d0e2a13806dd65824ccde83968b498cb824226c7231d071e526c34773
SSDEEP: 12288:xgnN+4E6KpEuODhRAGmP3b11C4YvgTIBPHX:IE4EODXXmz11C4YVBPHX
Static task: static1
Behavioral task: behavioral1
  Sample: ekstre.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: ekstre.exe
  Resource: win10v2004-20230915-en
Malware Config
Targets
Target: ekstre.exe (same sample as listed under General)
- Azorult: An information stealer first discovered in 2016, targeting browsing history and passwords.
- Checks QEMU agent file: Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext