General
-
Target
c72b24524f8287ae8cf4273a4ef61573
-
Size
3.1MB
-
Sample
231228-f2n6eafhgn
-
MD5
c72b24524f8287ae8cf4273a4ef61573
-
SHA1
b5fc35c2c1a3b608b2ce52772c1befa82aeff392
-
SHA256
162cfa86a5f385b1c2e5767c1eff60abd637fea8e7a2ba37256ff3e0437c802f
-
SHA512
7b0f69949089f6238a07d6087b6fc53979ee5e0c33cc3f2310af6ec185012a29981e008ca83f1198f66b7b776a1180519ea7154f6c633a3aae62f2138eee4bf9
-
SSDEEP
98304:sdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:sdNB4ianUstYuUR2CSHsVP8x
Malware Config
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Targets
-
-
Target
c72b24524f8287ae8cf4273a4ef61573
-
Size
3.1MB
-
MD5
c72b24524f8287ae8cf4273a4ef61573
-
SHA1
b5fc35c2c1a3b608b2ce52772c1befa82aeff392
-
SHA256
162cfa86a5f385b1c2e5767c1eff60abd637fea8e7a2ba37256ff3e0437c802f
-
SHA512
7b0f69949089f6238a07d6087b6fc53979ee5e0c33cc3f2310af6ec185012a29981e008ca83f1198f66b7b776a1180519ea7154f6c633a3aae62f2138eee4bf9
-
SSDEEP
98304:sdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:sdNB4ianUstYuUR2CSHsVP8x
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-