Extracted

• • Target

    COD 09256214__et__t_, _____st__ 2024_765124.PDF.exe

  • Size

    629KB

  • MD5

    f34d46989b27c8a7c40d395b0afd9c86

  • SHA1

    e4a7ec238d8435b094c5a38a601e133da646b4fb

  • SHA256

    0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11

  • SHA512

    ed53d43fdc9f1d075d94de4e79bf8631655c30a5571d5e6e3971a3a5a3a14ddaff16361df4824ad342d2375e195a0a3c8c5b6b303ee10e244a3c6d2626a5c826

  • SSDEEP

    12288:6ZZIH53gbcNk10Fu8ndvsFTEf5yFqfKLRm2/gx0xI4BOiOycDbmmpS45cZbtTkR:dHKbcNk10FBEGfWqp+gqI441FJpSBXG

  Score

  10^/10

  azorultdiscoveryexecutioninfostealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2