General
-
Target
Azorult 3.3.exe
-
Size
1.1MB
-
Sample
240901-tyflrawblq
-
MD5
b91fe4c246efc048b78c9e162754a7a9
-
SHA1
15e1c4fe989290b07b60f93340476a9ba025bfa9
-
SHA256
d6af1ba026c010e4d006842da28b478419bbc4c711f907a28c52079bc7fea1bf
-
SHA512
4538a437fb2241ee38b1ab256618bbf2ea752bab92146fbf9138c6dd9585c5a5291155e19c6004372c925f300c0c7cfa87b7dfc467b556e8dbab092d8d04a2d2
-
SSDEEP
24576:KMyijQZ+ZJLXrfQRTJ6/aIRQbhB0LrKqk:/D0Z+ZZr4RT/I2dB0yqk
Static task
static1
Behavioral task
behavioral1
Sample
Azorult 3.3.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Azorult 3.3.exe
Resource
win7-20240708-en
Behavioral task
behavioral3
Sample
Azorult 3.3.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
xworm
146.190.110.91:3389
-
Install_directory
%AppData%
-
install_file
svchost.exe
-
telegram
https://api.telegram.org/bot7023899363:AAFEzgbfWzhyE32Lf95TKSRYEYXMd4AfMyk/sendMessage?chat_id=6354844663
Targets
-
-
Target
Azorult 3.3.exe
-
Size
1.1MB
-
MD5
b91fe4c246efc048b78c9e162754a7a9
-
SHA1
15e1c4fe989290b07b60f93340476a9ba025bfa9
-
SHA256
d6af1ba026c010e4d006842da28b478419bbc4c711f907a28c52079bc7fea1bf
-
SHA512
4538a437fb2241ee38b1ab256618bbf2ea752bab92146fbf9138c6dd9585c5a5291155e19c6004372c925f300c0c7cfa87b7dfc467b556e8dbab092d8d04a2d2
-
SSDEEP
24576:KMyijQZ+ZJLXrfQRTJ6/aIRQbhB0LrKqk:/D0Z+ZZr4RT/I2dB0yqk
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-