General
-
Target
keygen-step-1.exe
-
Size
112KB
-
Sample
241214-n5dg3sspgk
-
MD5
43eb47b71c9f1003adc2d0f108d2679c
-
SHA1
5965eb51d289dc79ab56cb995d47f371472d4846
-
SHA256
913ee402508d3b9e7e55e1051f16a358ce78c19b4e07c6f234f4b73602802fa1
-
SHA512
7713cfcf2e1aae2ddc4dab14f4f7f1a4f5a414f87f75a2371fe261edceb9882b935a6044dd0fd1b88fc11cc9b044672fb14a91987806e3afff9df74fd6f5eee0
-
SSDEEP
3072:KExRaX6raoCoCyz6/mqv1JR+yBtGOeaeWgiroq:faZ1tme++wiT
Behavioral task
behavioral1
Sample
keygen-step-1.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
http://upqx.ru/1210776429.php
Targets
-
-
Target
keygen-step-1.exe
-
Size
112KB
-
MD5
43eb47b71c9f1003adc2d0f108d2679c
-
SHA1
5965eb51d289dc79ab56cb995d47f371472d4846
-
SHA256
913ee402508d3b9e7e55e1051f16a358ce78c19b4e07c6f234f4b73602802fa1
-
SHA512
7713cfcf2e1aae2ddc4dab14f4f7f1a4f5a414f87f75a2371fe261edceb9882b935a6044dd0fd1b88fc11cc9b044672fb14a91987806e3afff9df74fd6f5eee0
-
SSDEEP
3072:KExRaX6raoCoCyz6/mqv1JR+yBtGOeaeWgiroq:faZ1tme++wiT
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
7Credentials In Files
6Credentials in Registry
1