Extracted

• • Target

    79c447a36372e33fee48fb97a6cec62855e9c1b944a17a24779d585668a15955.exe

  • Size

    1.2MB

  • MD5

    73fa1629c89c908f963507859345fc97

  • SHA1

    2de7c05b335fac829798a53df058895a9bfd8a95

  • SHA256

    79c447a36372e33fee48fb97a6cec62855e9c1b944a17a24779d585668a15955

  • SHA512

    a7ca056c52ad6934ac57a98b96c4aa25e4e743fdd7a493f8a136d1a38743231be62825fe9b088dee9e427fc2868893ddb381c2be3f9ee99a2b30cf72544a1cd0

  • SSDEEP

    24576:7+DHqgxZ+lrpWnLwegibLL9WKgILf+wNE1r1tdRadUfuEYpqpB99fv0Ooc:SL1Z+lCMedbLLbb+wNMtzadSudpqTbUP

  Score

  10^/10

  azorultcollectiondiscoveryinfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Deletes itself

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2