General
-
Target
COD 09256214_Τετάρτη, Αυγούστου 2024_765124.PDF.gz
-
Size
533KB
-
Sample
240906-p5s37sxhph
-
MD5
61e488a7dca5e373cec43f8ff126428c
-
SHA1
1bb2b75b211f0e2f67517876d76c3f0bf3457b70
-
SHA256
a5c710cd7d220f75e78f08ca89a3017ae08ad6761d57473e4a9f55df02c47d58
-
SHA512
de31b4df674af79e7936f3cfefc3c83148305d3f6c9479b35b2e3816433a5f8f2447799a0ce65543067b87c6a7aa967426e10008f01037da395e9d04aaca74de
-
SSDEEP
12288:Y+1ZjOerHe8PdVIFrEfpytqRiVhmW/At0xIqxOWyec7bYwtS4TcZ7T+a:Y+rKerHBSafuq7eAeIqIDl1tSFd/
Static task
static1
Behavioral task
behavioral1
Sample
COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
azorult
http://l0h5.shop/CM341/index.php
Targets
-
-
Target
COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe
-
Size
629KB
-
MD5
f34d46989b27c8a7c40d395b0afd9c86
-
SHA1
e4a7ec238d8435b094c5a38a601e133da646b4fb
-
SHA256
0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11
-
SHA512
ed53d43fdc9f1d075d94de4e79bf8631655c30a5571d5e6e3971a3a5a3a14ddaff16361df4824ad342d2375e195a0a3c8c5b6b303ee10e244a3c6d2626a5c826
-
SSDEEP
12288:6ZZIH53gbcNk10Fu8ndvsFTEf5yFqfKLRm2/gx0xI4BOiOycDbmmpS45cZbtTkR:dHKbcNk10FBEGfWqp+gqI441FJpSBXG
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-