General
-
Target
af5aa15a57b07a8c3c6376c9077c0c0f
-
Size
3.1MB
-
Sample
240229-ytynzsba6y
-
MD5
af5aa15a57b07a8c3c6376c9077c0c0f
-
SHA1
7390fd66837a67c4670f3d5aa1a2a1a7a8f04f05
-
SHA256
3bd4b94b1d71625d283c483762d5668d3545e353285e016b848e2b72bc107eda
-
SHA512
ffb23488b906f812ff0c447720e7ce46bf5584f35600ae1d599969a1c13d530af16bc1bd01578daf41e83a80975dde2993f1a63146cf1a7f3ff014861d9d8f1a
-
SSDEEP
98304:LdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8i:LdNB4ianUstYuUR2CSHsVP8i
Malware Config
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
af5aa15a57b07a8c3c6376c9077c0c0f
-
Size
3.1MB
-
MD5
af5aa15a57b07a8c3c6376c9077c0c0f
-
SHA1
7390fd66837a67c4670f3d5aa1a2a1a7a8f04f05
-
SHA256
3bd4b94b1d71625d283c483762d5668d3545e353285e016b848e2b72bc107eda
-
SHA512
ffb23488b906f812ff0c447720e7ce46bf5584f35600ae1d599969a1c13d530af16bc1bd01578daf41e83a80975dde2993f1a63146cf1a7f3ff014861d9d8f1a
-
SSDEEP
98304:LdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8i:LdNB4ianUstYuUR2CSHsVP8i
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-