General
-
Target
ab5736b493bbf801dcc9a04e2e5152e1
-
Size
3.1MB
-
Sample
231227-kvs81agegk
-
MD5
ab5736b493bbf801dcc9a04e2e5152e1
-
SHA1
12cd047383758163e49cddc18e566dd873eb3e14
-
SHA256
934c57f99b617dcddff0e96ce45110f7c5552f3f3407cb287c5c08a8d9688a8a
-
SHA512
0bb0804329c7ef8f99a2ccd1507075ff2e81dcd7ac887cd30f19dce45bc2873a6a1b77f1870b2e8e9ad2296a6484c36708b2e7a0a4a07bfa9682837fae1cafad
-
SSDEEP
98304:tdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:tdNB4ianUstYuUR2CSHsVP8x
Behavioral task
behavioral1
Sample
ab5736b493bbf801dcc9a04e2e5152e1.exe
Resource
win7-20231215-en
Malware Config
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Targets
-
-
Target
ab5736b493bbf801dcc9a04e2e5152e1
-
Size
3.1MB
-
MD5
ab5736b493bbf801dcc9a04e2e5152e1
-
SHA1
12cd047383758163e49cddc18e566dd873eb3e14
-
SHA256
934c57f99b617dcddff0e96ce45110f7c5552f3f3407cb287c5c08a8d9688a8a
-
SHA512
0bb0804329c7ef8f99a2ccd1507075ff2e81dcd7ac887cd30f19dce45bc2873a6a1b77f1870b2e8e9ad2296a6484c36708b2e7a0a4a07bfa9682837fae1cafad
-
SSDEEP
98304:tdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:tdNB4ianUstYuUR2CSHsVP8x
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-