Extracted

• • Target

    C69F3DAA7C4E94E3399487AEC0E18F38.exe

  • Size

    715KB

  • MD5

    c69f3daa7c4e94e3399487aec0e18f38

  • SHA1

    1d9b93f366c9b02b0a65a863cc87a597a59ec290

  • SHA256

    d4a414388bb5c63306ba96450753a3191d32afa1c9dc0a621c831d28956e0400

  • SHA512

    3acac85f26fcadc118ccb50d94c2ef23c9983e0561c10996682d1b1937b3674b172c2811dadeb6ea7ad36646f2158c1573c07c5c5040079e899594355c57e90d

  • SSDEEP

    12288:fKONkZz/V8mrzOVcCiNExE7DrZUtGSW4wtsFoIYTOkGWV5xqpWBrGtUJQ:fKSkZzumrw857DrZCGSW4ys6ISV5xqMv

  Score

  10^/10

  azorultcollectiondiscoveryinfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2