Extracted

• • Target

    4e273f6d3be428836ea3a2a4d2428885b897736a39445284dd444060ed96b303N

  • Size

    661KB

  • MD5

    7ee6f3e2b9f3494a80d9fb5e6996a990

  • SHA1

    1c4dd34854daefb5c55d1bd7d51dd226b698d8c6

  • SHA256

    4e273f6d3be428836ea3a2a4d2428885b897736a39445284dd444060ed96b303

  • SHA512

    cef3892c0b2a412fd198a4f99192ee4b2c8494db487387130ebf6e8c5a3744e010b9dc0a092781f10398885314f2550dce8a13fc867cdbd7d38459a2c7b25a54

  • SSDEEP

    12288:Vh14kMN0TnvjcrhU8KNu0IfTDZIeW71cPtNlk24ZquPYh7EXHBjvrEH7Uu:Oki0TrcrhGIhW71cTlWkqYhQ1rEH7L

  Score

  10^/10

  azorultfloxifbackdoordiscoveryinfostealerpersistenceprivilege_escalationtrojanupx

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Azorult family

    azorult

  • Floxif family

    floxif

  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    backdoortrojanfloxif

  • Detects Floxif payload

    backdoor

  • Event Triggered Execution: AppInit DLLs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2