Behavioral task
behavioral1
Sample
nkmvoXAz.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
nkmvoXAz.exe
Resource
win10-20240611-en
Behavioral task
behavioral3
Sample
nkmvoXAz.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
nkmvoXAz.exe
Resource
win11-20240802-en
General
-
Target
nkmvoXAz.bin.zip
-
Size
59KB
-
MD5
c05b9492d60de6c69f87e456584ce793
-
SHA1
a51a80a440d1af2f6ba5bcc56e211b1643cdcb5d
-
SHA256
4869058df68c8856d1d55d9fab7f5638eb30ec14f4266597261a5a2231ec7ef2
-
SHA512
1584176227b88cd63ebaf70cf31c0498db610acf4b086c87bcdf0c7cb72ed0373f14ef5dfb0b54c58eb18d873b05603f92338b0a999a8c10a3f51f221df3ce1c
-
SSDEEP
1536:I0JUb04JyaK2L1TRZsg5X/ToYtf3Op3VuZhqpM7acb:v2b0VF2Lqg5vUYd3OZVuZX+cb
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Signatures
-
Azorult family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/nkmvoXAz.bin
Files
-
nkmvoXAz.bin.zip.zip
Password: infected
-
nkmvoXAz.bin.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ