Extracted

• • Target

    IMG_06631_0173.exe

  • Size

    2.4MB

  • MD5

    7509bcee32836ba48d6d599d6040cea1

  • SHA1

    9c8913621e45bf9947902a457fd215a1d5fae7f2

  • SHA256

    78b4fcbb34607b6cdfd1af26673a2bda62c56cd611f694a467015e57a4d48026

  • SHA512

    447d4568f3681626324f4d8fb7b35033f40d5b84bd83ae018a76972d7827692620daa92fa3175e8c852664d6e67bc1ab253fb283b899898ea95be5b0481e9164

  • SSDEEP

    49152:0Br4DV4urIIhSDdNo/DynbU4ckQVIFOotX4MFaRVa0F5DZUt2Mrj9:0Br4h4mIT+yw4cj7otoQaRnFFZUR

  Score

  10^/10

  azorultcollectiondiscoveryinfostealerpersistencespywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2