General
Target: c221a38ae1e20f3638560e3c08d707c8
Size: 3.1MB
Sample: 240312-b2dbpacc5s
MD5: c221a38ae1e20f3638560e3c08d707c8
SHA1: f24810d282093c4afe89a32f3b408d61d9078449
SHA256: 1f4cc0bfd86c2a57b6d65436dc6838cff48bb3333d12d5af631896871636095a
SHA512: aaa560c7298da5ab1e3ebdeac0b4d0d91fe2b8f0049fe676cad8827c7b579f88302e109f28bd6a7102334a991dd74b8324dd686d737624d1d2f681c9d9e8daa5
SSDEEP: 98304:IdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8q:IdNB4ianUstYuUR2CSHsVP8q
Behavioral task
behavioral1
Sample: c221a38ae1e20f3638560e3c08d707c8.exe
Resource: win7-20240221-en
Malware Config
Extracted: azorult
https://gemateknindoperkasa.co.id/imag/index.php
Extracted: netwire
174.127.99.159:7882
activex_autorun: false
copy_executable: false
delete_original: false
host_id: May-B
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: c221a38ae1e20f3638560e3c08d707c8
Size: 3.1MB
MD5: c221a38ae1e20f3638560e3c08d707c8
SHA1: f24810d282093c4afe89a32f3b408d61d9078449
SHA256: 1f4cc0bfd86c2a57b6d65436dc6838cff48bb3333d12d5af631896871636095a
SHA512: aaa560c7298da5ab1e3ebdeac0b4d0d91fe2b8f0049fe676cad8827c7b579f88302e109f28bd6a7102334a991dd74b8324dd686d737624d1d2f681c9d9e8daa5
SSDEEP: 98304:IdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8q:IdNB4ianUstYuUR2CSHsVP8q
Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
NetWire RAT payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext