General
-
Target
Sr_3d_Builder_all_keygen.exe
-
Size
2.9MB
-
Sample
240229-xkwbtsab26
-
MD5
d09f11d25b52ff9cba3fc55c0865ae5c
-
SHA1
d974a539262e4adede62b8c0574519fb1f196b99
-
SHA256
9dd01926ee6c5c3f1bbc73eb2889b15a778c649dcba5b5059496a6eb321f3482
-
SHA512
01fc81df5e0866a6fe9484ca2e646c5ed8d55e583ce1750caddc7379f0649416dd4c384e8b1be3a698eea6a90cb8652a0487acb5d7af46664d201e0ab04a6c55
-
SSDEEP
49152:k1hZXoOgV4/TJdXcfcw65jZjj855SKBsIiF+GK/KrTvtFsKD95aNhMk5/tU:ehbgV4/VJdwmjZjmSYliFK/KHlFsKD9p
Static task
static1
Behavioral task
behavioral1
Sample
Sr_3d_Builder_all_keygen.exe
Resource
win7-20240221-en
Malware Config
Extracted
azorult
http://gigaload.info/1210776429.php
Extracted
pony
http://top.thisispw.com/keys7369921/gate.php
Targets
-
Target
Sr_3d_Builder_all_keygen.exe
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-