General
Target: ekstre.exe
Size: 432KB
Sample: 230918-dcgzpahb34
MD5: 199b0efae75612c7b630ecad45837e26
SHA1: fd6eeeb7e3273e673f331732fdfbbad10f22dbbd
SHA256: d9457e8058d8950ba97a8a57c3f7771c0093d72600bf5e9e1f085e4d3b497e7c
SHA512: 38b9b7fea2938c442ecbd2b8e8cc1afcacb964add008c9fa7497494c1875dfa3390ff56d0e2a13806dd65824ccde83968b498cb824226c7231d071e526c34773
SSDEEP: 12288:xgnN+4E6KpEuODhRAGmP3b11C4YvgTIBPHX:IE4EODXXmz11C4YVBPHX
Static task: static1
Behavioral task: behavioral1
Sample: ekstre.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: ekstre.exe
Resource: win10v2004-20230915-en
Malware Config
Targets
Target: ekstre.exe
Score: 10/10
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
Loads dropped DLL
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext