General
Target: 2024-09-17_640a2b28957aeb7b3147b796a3e9fe57_magniber
Size: 1.9MB
Sample: 240917-w5wyesxhlh
MD5: 640a2b28957aeb7b3147b796a3e9fe57
SHA1: 5998e9ec9a3574c62bb73179f5b212b19add2bc0
SHA256: 403fe5fca6fe4c90585fbf7533c7755619a5d5455933b5798eaf95b14bd510ed
SHA512: 4887f11085ae8ab85258445c1e902eb69901f9cb2720cf8251985662872d83aac150e32bbdb797fd2a6197da2b79a575b06ae70bef37ac403b2fb9d7f9ff7365
SSDEEP: 49152:XbwTDIrh3crgiLGBLHTLJRPgMnlsEqSb0q5VWy7EeNL:8TDIrh3crkr5gMnlsEqGPtQAL
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-09-17_640a2b28957aeb7b3147b796a3e9fe57_magniber.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 2024-09-17_640a2b28957aeb7b3147b796a3e9fe57_magniber.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: azorult
  http://account.protonvpn.store/index.php
Targets
Target: 2024-09-17_640a2b28957aeb7b3147b796a3e9fe57_magniber
Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Banload
  Banload variants download malicious files, then install and execute the files.
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext