Extracted

Extracted

• • Target

    RNSM00333.7z

  • Size

    2.6MB

  • MD5

    73c7199cad40284673528fb73187650b

  • SHA1

    69bd456a3d719830586ad233b2a5ca7f78174f24

  • SHA256

    718ccf80dfae80725fb06a9e2e55fcd728d12659ca905ce5e9f34ed9e1d7915d

  • SHA512

    461a5d32c3a426355c07085bd317a6e4430889cc0c303584c197c59c132e99ab354abfa44bbbbb5f95c8c8cb3b7a695dd96c8835ddb3a7f519e09b7870ac95d8

  • SSDEEP

    49152:bTQPXliVgR2BFwlFNbz8f6BRekpFIDIPOC+kRw4UwhmhW86jN7QBhE8ufhhfTgc6:bTQNjRSFwlLYCSIP+r3jhGjlQkvTPVbo

  Score

  10^/10

  azorultgozibankerdiscoveryevasioninfostealerisfbpersistencespywarestealertrojanupx

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Azorult family

    azorult

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1