General
-
Target
df8148fdbea45757019f03995d757ea0
-
Size
4.5MB
-
Sample
240326-szce2sgc7w
-
MD5
df8148fdbea45757019f03995d757ea0
-
SHA1
a256b2e83795191d622d1355c11b105c9ee7274c
-
SHA256
98f443fa7605c0ca0ff2aac8bdd71654a31c43e447e8d1d882bffd2776a71ccf
-
SHA512
9316d822787e3c7211ab0c02ee7f2ffad23bf2c98d17c765f0a50f3203e528c8d8d224f47a8151581b2e116d1ac9543f9232d7ab5462e3501b1963e5425b10ef
-
SSDEEP
98304:0dNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf81:0dNB4ianUstYuUR2CSHsVP81
Malware Config
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Targets
-
-
Target
df8148fdbea45757019f03995d757ea0
-
Size
4.5MB
-
MD5
df8148fdbea45757019f03995d757ea0
-
SHA1
a256b2e83795191d622d1355c11b105c9ee7274c
-
SHA256
98f443fa7605c0ca0ff2aac8bdd71654a31c43e447e8d1d882bffd2776a71ccf
-
SHA512
9316d822787e3c7211ab0c02ee7f2ffad23bf2c98d17c765f0a50f3203e528c8d8d224f47a8151581b2e116d1ac9543f9232d7ab5462e3501b1963e5425b10ef
-
SSDEEP
98304:0dNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf81:0dNB4ianUstYuUR2CSHsVP81
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-