General
-
Target
COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe
-
Size
629KB
-
Sample
240906-pdq5jawdng
-
MD5
f34d46989b27c8a7c40d395b0afd9c86
-
SHA1
e4a7ec238d8435b094c5a38a601e133da646b4fb
-
SHA256
0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11
-
SHA512
ed53d43fdc9f1d075d94de4e79bf8631655c30a5571d5e6e3971a3a5a3a14ddaff16361df4824ad342d2375e195a0a3c8c5b6b303ee10e244a3c6d2626a5c826
-
SSDEEP
12288:6ZZIH53gbcNk10Fu8ndvsFTEf5yFqfKLRm2/gx0xI4BOiOycDbmmpS45cZbtTkR:dHKbcNk10FBEGfWqp+gqI441FJpSBXG
Static task
static1
Behavioral task
behavioral1
Sample
COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
azorult
http://l0h5.shop/CM341/index.php
Targets
-
-
Target
COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe
-
Size
629KB
-
MD5
f34d46989b27c8a7c40d395b0afd9c86
-
SHA1
e4a7ec238d8435b094c5a38a601e133da646b4fb
-
SHA256
0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11
-
SHA512
ed53d43fdc9f1d075d94de4e79bf8631655c30a5571d5e6e3971a3a5a3a14ddaff16361df4824ad342d2375e195a0a3c8c5b6b303ee10e244a3c6d2626a5c826
-
SSDEEP
12288:6ZZIH53gbcNk10Fu8ndvsFTEf5yFqfKLRm2/gx0xI4BOiOycDbmmpS45cZbtTkR:dHKbcNk10FBEGfWqp+gqI441FJpSBXG
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-