General
-
Target
14a8c2f67d92486c89eac26af4d2018d
-
Size
3.1MB
-
Sample
231224-12nvvscdf8
-
MD5
14a8c2f67d92486c89eac26af4d2018d
-
SHA1
0e3ac0615936d2f2b371b751ddc60396c134c0b1
-
SHA256
e561b6430b7eada808e069b7d7eb49c573e1f68007e3c87c4320039a5d599c52
-
SHA512
55f366abda35de1a6af889543e68bc1a56ed2ddcddab1d29387edd3fb552e14fb2c08cc6ee50f7f58b85ab329bb1173b5590fa7f2d70165e716ef0846b17d86c
-
SSDEEP
98304:adNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf85:adNB4ianUstYuUR2CSHsVP85
Malware Config
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Targets
-
-
Target
14a8c2f67d92486c89eac26af4d2018d
-
Size
3.1MB
-
MD5
14a8c2f67d92486c89eac26af4d2018d
-
SHA1
0e3ac0615936d2f2b371b751ddc60396c134c0b1
-
SHA256
e561b6430b7eada808e069b7d7eb49c573e1f68007e3c87c4320039a5d599c52
-
SHA512
55f366abda35de1a6af889543e68bc1a56ed2ddcddab1d29387edd3fb552e14fb2c08cc6ee50f7f58b85ab329bb1173b5590fa7f2d70165e716ef0846b17d86c
-
SSDEEP
98304:adNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf85:adNB4ianUstYuUR2CSHsVP85
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-