General
-
Target
9b2a9d2d3db782a88b2db346864bb53ab0e08b02463555f9cd394327d1d41414.lnk
-
Size
1KB
-
Sample
241016-fx1zeathnh
-
MD5
24b35581ca3b4d40271e57c85e296acb
-
SHA1
06772cefa2064960b2db126373dc65cb39aca466
-
SHA256
9b2a9d2d3db782a88b2db346864bb53ab0e08b02463555f9cd394327d1d41414
-
SHA512
4d828fe1d9bed99f9616f84cce7893ea69923f07dd75a3da8e1e5b2bb840ddaa642aa8187721d0a198c1700413df4c79387419c7376a8d704e7bfb644d18c1da
Static task
static1
Behavioral task
behavioral1
Sample
9b2a9d2d3db782a88b2db346864bb53ab0e08b02463555f9cd394327d1d41414.lnk
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9b2a9d2d3db782a88b2db346864bb53ab0e08b02463555f9cd394327d1d41414.lnk
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
http://h8m5b.shop/ML341/index.php
Targets
-
-
Target
9b2a9d2d3db782a88b2db346864bb53ab0e08b02463555f9cd394327d1d41414.lnk
-
Size
1KB
-
MD5
24b35581ca3b4d40271e57c85e296acb
-
SHA1
06772cefa2064960b2db126373dc65cb39aca466
-
SHA256
9b2a9d2d3db782a88b2db346864bb53ab0e08b02463555f9cd394327d1d41414
-
SHA512
4d828fe1d9bed99f9616f84cce7893ea69923f07dd75a3da8e1e5b2bb840ddaa642aa8187721d0a198c1700413df4c79387419c7376a8d704e7bfb644d18c1da
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-