General
-
Target
Geneforge_4_v1_keymaker_by_ViKiNG.exe
-
Size
3.4MB
-
Sample
231130-2mmvpacc79
-
MD5
8d5f03456bef80ecabf57fee9c49bfc5
-
SHA1
afe5da8d259d648f6cb32eb81afe8a504804bc84
-
SHA256
af21f2bb9d4f3933b65bfe469eeb5f0bbc50642375564eb471645d995f94e1f8
-
SHA512
4049273bd945427a376455f90ce744daf8e1d79a66fdc6268e5c177de5f3d541a05a8301bc47cc360a8ede4e8ac11f7a2a8c47fc09c631f4799a39aaae0ade2d
-
SSDEEP
98304:yUB2l3gv98UZhpBGedkDFK9l4FyK02ZS2WrkpbiZE:XB2yv9RhWGoFOl4bRZRWwZd
Static task
static1
Behavioral task
behavioral1
Sample
Geneforge_4_v1_keymaker_by_ViKiNG.exe
Resource
win7-20231023-en
Malware Config
Extracted
https://www.connectingkeralam.com/wp-content/uploads/debug2.ps1
Extracted
azorult
http://gigaload.info/1210776429.php
Extracted
pony
http://top.thisispw.com/keys7369921/gate.php
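The hashes and the three extracted URLs above are the indicators a responder would pull from this report. The following Python is an added example, not part of the sandbox report or of any tooling it describes: it embeds those indicators, recomputes the digests of a local file so a suspect copy can be compared field by field, and scans constructed proxy log lines (the `timestamp client method url status` layout and the sample lines are assumptions made for illustration) for the C2 and staging hosts.

```python
"""Match the indicators from this report against file contents and proxy log lines (added example)."""
import hashlib
from urllib.parse import urlparse

# Digests of the sample exactly as listed in the report above.
SAMPLE_HASHES = {
    "md5": "8d5f03456bef80ecabf57fee9c49bfc5",
    "sha1": "afe5da8d259d648f6cb32eb81afe8a504804bc84",
    "sha256": "af21f2bb9d4f3933b65bfe469eeb5f0bbc50642375564eb471645d995f94e1f8",
}
# URLs extracted from the sample's configuration, tagged with the family the report attributes them to.
EXTRACTED_URLS = {
    "https://www.connectingkeralam.com/wp-content/uploads/debug2.ps1": "powershell stage",
    "http://gigaload.info/1210776429.php": "azorult",
    "http://top.thisispw.com/keys7369921/gate.php": "pony",
}
IOC_HOSTS = {urlparse(u).hostname: fam for u, fam in EXTRACTED_URLS.items()}


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only if every listed digest matches; one algorithm suffices in practice, but a
    mismatch between algorithms would point to a transcription error in the IOC list."""
    return file_hashes(data) == SAMPLE_HASHES


def classify_url(url: str):
    """Return (family, match_kind) or None.

    An exact URL match is the strongest signal; a host-only match is still worth an alert
    because a panel's gate path can change while the domain stays the same.
    """
    if url in EXTRACTED_URLS:
        return EXTRACTED_URLS[url], "url"
    host = urlparse(url).hostname
    if host in IOC_HOSTS:
        return IOC_HOSTS[host], "host"
    return None


def scan_proxy_log(lines):
    """Scan 'timestamp client method url status' lines (assumed layout); return hits as
    (line_no, client, family, match_kind, url)."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than crash mid-scan
        _ts, client, _method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict:
            hits.append((n, client, verdict[0], verdict[1], url))
    return hits


# Constructed proxy log lines for illustration; not taken from the report.
SAMPLE_LOG = [
    "2023-11-30T22:31:05Z 10.0.0.15 GET https://www.connectingkeralam.com/wp-content/uploads/debug2.ps1 200",
    "2023-11-30T22:31:09Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2023-11-30T22:31:12Z 10.0.0.15 POST http://gigaload.info/1210776429.php 200",
    "2023-11-30T22:31:20Z 10.0.0.15 POST http://top.thisispw.com/keys9999999/gate.php 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

One caveat when turning these into blocks: the first URL sits under a WordPress `wp-content/uploads` directory, which is consistent with a script planted on an otherwise legitimate site, so for that host match on the full path rather than blocking the domain outright; the two gate URLs are purpose-built C2 domains and can be blocked at the host level.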
Targets
-
Target
Geneforge_4_v1_keymaker_by_ViKiNG.exe
-
Size
3.4MB
-
MD5
8d5f03456bef80ecabf57fee9c49bfc5
-
SHA1
afe5da8d259d648f6cb32eb81afe8a504804bc84
-
SHA256
af21f2bb9d4f3933b65bfe469eeb5f0bbc50642375564eb471645d995f94e1f8
-
SHA512
4049273bd945427a376455f90ce744daf8e1d79a66fdc6268e5c177de5f3d541a05a8301bc47cc360a8ede4e8ac11f7a2a8c47fc09c631f4799a39aaae0ade2d
-
SSDEEP
98304:yUB2l3gv98UZhpBGedkDFK9l4FyK02ZS2WrkpbiZE:XB2yv9RhWGoFOl4bRZRWwZd
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
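The last two signatures are behavioural: the sandbox watches registry API calls and fires when a process walks the Uninstall key entries (software inventory) or touches the Outlook profile store. The Python below is an added example of how such a detector is built over an API trace; it is not the sandbox's own signature logic. The `pid|api|key_path` trace format and the sample lines are constructed for illustration, and the threshold of three distinct Uninstall entries is an assumed value chosen so that an installer reading its own entry does not fire.

```python
"""Behavioural detector over a constructed registry API trace (added example)."""
import re
from collections import defaultdict

# Software inventory: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\<entry>,
# in both the native view and the 32-bit WOW6432Node view. Group 1 is the entry name.
UNINSTALL_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)
# Outlook profile stores: Office\<ver>\Outlook\Profiles (Outlook 2013 and later) and the
# older Windows Messaging Subsystem\Profiles location.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\(?:Office\\\d+\.\d+\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)",
    re.IGNORECASE,
)
REG_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW",
            "NtOpenKey", "NtQueryValueKey"}
MIN_UNINSTALL_ENTRIES = 3  # assumed threshold: one entry is normal for an installer


def parse_trace(lines):
    """Yield (pid, api, path) from 'pid|api|path' lines; malformed lines are skipped."""
    for line in lines:
        parts = line.strip().split("|", 2)
        if len(parts) == 3:
            yield tuple(parts)


def detect(lines):
    """Return {pid: [signature names]} for processes whose registry activity matches."""
    uninstall_entries = defaultdict(set)
    outlook_hits = defaultdict(int)
    for pid, api, path in parse_trace(lines):
        if api not in REG_APIS:
            continue
        m = UNINSTALL_RE.search(path)
        if m:
            uninstall_entries[pid].add(m.group(1).lower())  # count distinct entries, not calls
        if OUTLOOK_PROFILE_RE.search(path):
            outlook_hits[pid] += 1
    fired = defaultdict(list)
    for pid, entries in uninstall_entries.items():
        if len(entries) >= MIN_UNINSTALL_ENTRIES:
            fired[pid].append("Checks installed software on the system")
    for pid in outlook_hits:
        fired[pid].append("Accesses Microsoft Outlook profiles")
    return dict(fired)


# Constructed trace: pid 1234 enumerates three Uninstall entries and the Outlook profile key;
# pid 5678 reads a single entry, as an uninstaller would. Entry names are placeholders.
SAMPLE_TRACE = [
    r"1234|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"1234|RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"1234|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}",
    r"1234|RegQueryValueExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}\DisplayName",
    r"1234|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleEditor",
    r"1234|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleArchiver",
    r"1234|RegOpenKeyExW|HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
    r"5678|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleArchiver",
    r"5678|RegQueryValueExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleArchiver\UninstallString",
]

if __name__ == "__main__":
    for pid, sigs in detect(SAMPLE_TRACE).items():
        print(pid, sigs)
```

Counting distinct entries rather than raw calls is what keeps the signature from firing on a program that reads its own Uninstall entry a dozen times; opening the parent Uninstall key alone deliberately does not count, since that is the first step of both an inventory walk and a legitimate lookup.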