General
-
Target
4a426a26e587749e368137e727a8e806
-
Size
3.1MB
-
Sample
231226-b53qracfgl
-
MD5
4a426a26e587749e368137e727a8e806
-
SHA1
f497b63c89f4c897a73931386d28c2b3d9f01840
-
SHA256
bd464b10f6cf96a48f52e2f893d86b0b804047ff4f67bba89bb12e80b8d84142
-
SHA512
04e12f4a0fa24de194c985ce7b30d9d3f3f176931b944c99907b350aab488a15228ad75787a533e0322aa5f2d2a0891e257bff1f78e72f005a7b09e3470b1374
-
SSDEEP
98304:YdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8S:YdNB4ianUstYuUR2CSHsVP8S
Malware Config
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Targets
-
-
Target
4a426a26e587749e368137e727a8e806
-
Size
3.1MB
-
MD5
4a426a26e587749e368137e727a8e806
-
SHA1
f497b63c89f4c897a73931386d28c2b3d9f01840
-
SHA256
bd464b10f6cf96a48f52e2f893d86b0b804047ff4f67bba89bb12e80b8d84142
-
SHA512
04e12f4a0fa24de194c985ce7b30d9d3f3f176931b944c99907b350aab488a15228ad75787a533e0322aa5f2d2a0891e257bff1f78e72f005a7b09e3470b1374
-
SSDEEP
98304:YdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8S:YdNB4ianUstYuUR2CSHsVP8S
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-