General
-
Target
keygen-step-1.exe
-
Size
112KB
-
Sample
240826-v6j5kswfqd
-
MD5
67494c734aff5951a04e474982930b77
-
SHA1
c37e55dabab943892fdb23a3dcb27e9e1567667c
-
SHA256
8e0b16cb20b4e833537bc17f619a3f013fbec5da1d11063561496bdd89985fc2
-
SHA512
0f98e31e729a451169d1f249ab8332365f6502ec933c5c4483065d331f9a065b93e819454892dbcfce6fc830b40d12f1a5a89e99c392ad6eceea7e556cd49c4a
-
SSDEEP
3072:KExRaX6raoCoCyz6/mqv1JR+yBtGOeaeWgiNq:faZ1tme++wiE
Behavioral task
behavioral1
Sample
keygen-step-1.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
keygen-step-1.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
azorult
http://gigaload.click/1210776429.php
Targets
-
-
Target
keygen-step-1.exe
-
Size
112KB
-
MD5
67494c734aff5951a04e474982930b77
-
SHA1
c37e55dabab943892fdb23a3dcb27e9e1567667c
-
SHA256
8e0b16cb20b4e833537bc17f619a3f013fbec5da1d11063561496bdd89985fc2
-
SHA512
0f98e31e729a451169d1f249ab8332365f6502ec933c5c4483065d331f9a065b93e819454892dbcfce6fc830b40d12f1a5a89e99c392ad6eceea7e556cd49c4a
-
SSDEEP
3072:KExRaX6raoCoCyz6/mqv1JR+yBtGOeaeWgiNq:faZ1tme++wiE
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
7Credentials In Files
6Credentials in Registry
1