General

  • Target

    65645a7b022d73d26cf94f50e0c9eaa224911bf8443b0366bcc671be27dbb9bc.exe

  • Size

    849KB

  • Sample

    240726-d4zc2stgkl

  • MD5

    0be9332786cd2b5d41edf5746bd4d351

  • SHA1

    44443541dd2e4a40820f23d9057a92a27dfdc823

  • SHA256

    65645a7b022d73d26cf94f50e0c9eaa224911bf8443b0366bcc671be27dbb9bc

  • SHA512

    0dc9145a7cd7c7a2f8fcac3cad2ad8d046f2457013f8948423e8ba14928508b5fed3bb2835e5616c7072e0305e67a870fd5d2198d6e6220baf75e23047e2ecb2

  • SSDEEP

    24576:HYDoeMwkejuoLDypBE2pBV92Smc7RfLym5Nhcp:4dMErLepBE2Sg7RDxhy

Malware Config

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15