General
- Target: Hamster_Kombat_CodeChaos_keygen_by_KeyGenGuru.exe
- Size: 2.1MB
- Sample: 240902-segt2atend
- MD5: 29e43781af2d6ba12f70e86461b49ccd
- SHA1: 3acb34043fc36b39617ed9de3ed020ed4273a539
- SHA256: a24d6135d7c1c97118fec56b8d0ac6b9e9d3f59111aa886b70be4476be119ebf
- SHA512: b791518d88422f780806ff0b3731f2d971607f03d2559e47bf11d5448f9d5e9d2d62b5b4b2de4fdd26a64c9975b483029cdf3c2dd16a44b025f645f9987fc91b
- SSDEEP: 49152:k1hZXhD5MSU/ijQM7WUXVOzYV28io2VTOQQo2xq3im1y:eh6SUajQM7NXVGQ2NOq2xE1y
Static task
- static1
Behavioral tasks (all on Hamster_Kombat_CodeChaos_keygen_by_KeyGenGuru.exe)
- behavioral1: resource win7-20240704-en
- behavioral2: resource win10-20240404-en
- behavioral3: resource win10v2004-20240802-en
- behavioral4: resource win11-20240802-en
Malware Config
- Extracted (azorult): C2 http://gigaload.click/1210776429.php
- Extracted (pony): gate http://top.enkey.click/bussin/gate.php
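The two extracted configs each yield one gate URL, and the General section gives the sample's hashes. The most immediate use of a report like this is turning those values into indicators and checking them against your own telemetry. The following Python is an added example for this page, not sandbox output: it builds host and URL indicators from the extracted config, scans constructed proxy-log lines for them (exact-URL hits and host-only hits are reported separately, since gate paths change between builds), and matches constructed file-hash events against the sample hashes regardless of file name. The proxy-log and file-event formats are assumptions made for illustration.

```python
"""Turn the extracted C2 URLs and sample hashes from this report into
indicators and scan constructed log lines for them.

Added example for this report page; it is not sandbox output. The proxy-log
and file-event formats below are assumptions made for illustration.
"""
from urllib.parse import urlparse

# Values copied from the Malware Config and General sections of the report.
EXTRACTED_CONFIG = {
    "azorult": ["http://gigaload.click/1210776429.php"],
    "pony": ["http://top.enkey.click/bussin/gate.php"],
}
SAMPLE_HASHES = {
    "md5": "29e43781af2d6ba12f70e86461b49ccd",
    "sha1": "3acb34043fc36b39617ed9de3ed020ed4273a539",
    "sha256": "a24d6135d7c1c97118fec56b8d0ac6b9e9d3f59111aa886b70be4476be119ebf",
}


def build_indicators(config):
    """Return {'hosts': {host: family}, 'urls': {url: family}} from an extracted config."""
    hosts, urls = {}, {}
    for family, url_list in config.items():
        for url in url_list:
            hosts[urlparse(url).hostname.lower()] = family
            urls[url] = family
    return {"hosts": hosts, "urls": urls}


# Constructed proxy log (hypothetical format: timestamp client method url status).
PROXY_LOG = """\
2024-09-02T14:01:03Z 10.0.0.15 GET http://example.com/index.html 200
2024-09-02T14:01:09Z 10.0.0.15 POST http://gigaload.click/1210776429.php 200
2024-09-02T14:01:11Z 10.0.0.15 POST http://top.enkey.click/bussin/gate.php 200
2024-09-02T14:02:40Z 10.0.0.22 GET http://cdn.example.net/app.js 200
2024-09-02T14:03:01Z 10.0.0.22 POST http://top.enkey.click/other/gate.php 404
"""


def scan_proxy_log(log_text, indicators):
    """Return (client, host, family, match_kind) for each log line hitting an indicator.

    An exact URL match is reported as 'url'; a request to a known C2 host with a
    different path is still reported, as 'host', since gate paths change between builds.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than crash on them
        _ts, client, _method, url, _status = parts[:5]
        host = (urlparse(url).hostname or "").lower()
        if url in indicators["urls"]:
            hits.append((client, host, indicators["urls"][url], "url"))
        elif host in indicators["hosts"]:
            hits.append((client, host, indicators["hosts"][host], "host"))
    return hits


# Constructed file-hash events (hypothetical EDR export): (hostname, path, sha256).
# The file on WS01 has been renamed; matching on the hash still catches it.
# The WS02 digest is a placeholder, not a real file hash.
FILE_EVENTS = [
    ("WS01", r"C:\Users\alice\Downloads\hk_setup.exe",
     "A24D6135D7C1C97118FEC56B8D0AC6B9E9D3F59111AA886B70BE4476BE119EBF"),
    ("WS02", r"C:\Windows\System32\notepad.exe",
     "b1ad9b2d4e9b4a3e7a7f5a8d6c2f3e1b9c8d7e6f5a4b3c2d1e0f9a8b7c6d5e4f"),
]


def match_hashes(events, hashes):
    """Return (hostname, path) for events whose digest matches any known sample hash."""
    wanted = {digest.lower() for digest in hashes.values()}
    return [(host, path) for host, path, digest in events if digest.lower() in wanted]


if __name__ == "__main__":
    iocs = build_indicators(EXTRACTED_CONFIG)
    for hit in scan_proxy_log(PROXY_LOG, iocs):
        print("proxy hit:", hit)
    for hit in match_hashes(FILE_EVENTS, SAMPLE_HASHES):
        print("hash hit:", hit)
```

Two points worth keeping in mind when you do this for real: the host-only match is the one that survives a rebuilt sample with a new gate path, so do not restrict yourself to exact URLs, and hash comparisons must be case-insensitive because EDR exports and report pages disagree on hex casing.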
Targets
- Target: Hamster_Kombat_CodeChaos_keygen_by_KeyGenGuru.exe (2.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Azorult: an information stealer first seen in 2016 that targets browser history and saved passwords.
- Credentials from Password Stores: Credentials from Web Browsers: accesses or copies a web browser credential store.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: reads credentials from unprotected files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets (possible credential harvesting)
- Checks installed software on the system: enumerates Uninstall key entries in the registry to list installed software.
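Taken one at a time, most of the behaviours in this list are unremarkable: Explorer enumerates the Uninstall key, Chrome reads its own Login Data, Outlook reads its own profile keys. What makes the sample stand out is one non-browser, non-Office process touching the location setting, the Uninstall key, browser credential stores, Outlook profiles and wallet files in a short span. The following Python is an added example for this page, not part of the sandbox report: it maps Sysmon-like registry and file-access events to the behaviour categories above and flags a process only when several categories co-occur in it. The event shape, the choice of HKCU\Control Panel\International\Geo\Nation as the key behind the location check (the report does not say which key the sandbox observed), the file-name patterns, and the threshold of three categories are all assumptions made for illustration.

```python
"""Score per-process registry/file access events for the combination of
behaviours this report lists (location check, installed-software enumeration,
browser/Outlook/wallet credential-store access).

Added example, not part of the sandbox report. The event format, the registry
key assumed for the location check, the file patterns and the threshold are
assumptions made for illustration.
"""
import re
from collections import defaultdict

# Each rule: (category, regex over the accessed registry key or file path).
# The report does not say which exact key the sandbox read for the country
# code; HKCU\Control Panel\International\Geo\Nation is an assumption here.
RULES = [
    ("geofence", re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("software_enum", re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("browser_creds", re.compile(r"\\(Login Data|logins\.json|key4\.db|Local State)$", re.I)),
    ("outlook", re.compile(r"\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles", re.I)),
    ("wallet", re.compile(r"\\(wallet\.dat|Electrum|Exodus)\b", re.I)),
]

SAMPLE = r"C:\Users\alice\Downloads\Hamster_Kombat_CodeChaos_keygen_by_KeyGenGuru.exe"

# Constructed events in a Sysmon-like shape: (pid, image, kind, target), where
# kind is "reg" for a registry access or "file" for a file read.
EVENTS = [
    (4321, SAMPLE, "reg", r"HKCU\Control Panel\International\Geo\Nation"),
    (4321, SAMPLE, "reg", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4321, SAMPLE, "file", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4321, SAMPLE, "reg", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (4321, SAMPLE, "file", r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"),
    # Benign look-alikes: each touches exactly one category.
    (880, r"C:\Windows\explorer.exe", "reg",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (2200, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]


def categorize(events):
    """Map pid -> set of behaviour categories the process matched."""
    hits = defaultdict(set)
    for pid, _image, _kind, target in events:
        for category, pattern in RULES:
            if pattern.search(target):
                hits[pid].add(category)
    return hits


def flag_processes(events, threshold=3):
    """Return pids whose count of distinct matched categories reaches the threshold."""
    return sorted(pid for pid, cats in categorize(events).items() if len(cats) >= threshold)


if __name__ == "__main__":
    for pid, cats in sorted(categorize(EVENTS).items()):
        print(pid, sorted(cats))
    print("flagged:", flag_processes(EVENTS))
```

The threshold is the tuning knob: at 3 the keygen process fires on any three of the five categories, while Explorer and Chrome, each matching a single category, stay quiet. In production you would also scope the window in time and exclude the process images that legitimately own each store (browsers for their own Login Data, Outlook for its profile keys), since a stealer never needs to be any of those.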
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 7
  - Credentials In Files (T1552.001): 6
  - Credentials in Registry (T1552.002): 1