General
-
Target
1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b.exe
-
Size
533KB
-
Sample
240418-h35wnaee26
-
MD5
ab92ac92a5660397fd2bb0bf54e405e7
-
SHA1
71696c57e08d2611547820602f466088d7999119
-
SHA256
1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b
-
SHA512
7a41aef4ac81cbd41ad293b92b758d37f734856e681d51b6e18299f162b6099fa43ae42f1dda7e565f7bce8a8dfafa026a38ec9579d902267fa06d21bba609bb
-
SSDEEP
12288:vlOATP7Umq9adG75huKA6QMy1dHswGSoKluxdXXxd1672cWjoIC:sAD7Lq97ju96VUHT0KluxBD4rA
Malware Config
Extracted
azorult
http://ccrhs.shop/MI341/index.php
Targets
-
-
Target
1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b.exe
-
Size
533KB
-
MD5
ab92ac92a5660397fd2bb0bf54e405e7
-
SHA1
71696c57e08d2611547820602f466088d7999119
-
SHA256
1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b
-
SHA512
7a41aef4ac81cbd41ad293b92b758d37f734856e681d51b6e18299f162b6099fa43ae42f1dda7e565f7bce8a8dfafa026a38ec9579d902267fa06d21bba609bb
-
SSDEEP
12288:vlOATP7Umq9adG75huKA6QMy1dHswGSoKluxdXXxd1672cWjoIC:sAD7Lq97ju96VUHT0KluxBD4rA
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-