General
-
Target
28a0058cbb3eb467a650f4589dab9d2ab12765ea07d28534bd69351dc6093e0fN.exe
-
Size
192KB
-
Sample
241216-tjljfsvkb1
-
MD5
18a79c670207a856be0fcbc58a4c6b70
-
SHA1
8fe96a186e90dd0ce306fcfbe54056ae1c5ecf07
-
SHA256
28a0058cbb3eb467a650f4589dab9d2ab12765ea07d28534bd69351dc6093e0f
-
SHA512
005ceb943b073f8707afd91f468e87098c7add930cd97ea668de4937ec441fa6d593b5f9dd07b53a9949cdbf3187d11b864261d7d53eddea55b9d9a9d0ad82bf
-
SSDEEP
3072:EGPMlTjUYLCLoz12cFfi0HDYaKf7/t5uXwEdeTuTROMX9:ePaoUZOMHf7/tQ1eTQ7
Static task
static1
Behavioral task
behavioral1
Sample
28a0058cbb3eb467a650f4589dab9d2ab12765ea07d28534bd69351dc6093e0fN.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
28a0058cbb3eb467a650f4589dab9d2ab12765ea07d28534bd69351dc6093e0fN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
xworm
5.0
ingles-52514.portmap.host:52514
9Vc1HafYmpvbkdVv
-
install_file
USB.exe
Targets
-
-
Target
28a0058cbb3eb467a650f4589dab9d2ab12765ea07d28534bd69351dc6093e0fN.exe
-
Size
192KB
-
MD5
18a79c670207a856be0fcbc58a4c6b70
-
SHA1
8fe96a186e90dd0ce306fcfbe54056ae1c5ecf07
-
SHA256
28a0058cbb3eb467a650f4589dab9d2ab12765ea07d28534bd69351dc6093e0f
-
SHA512
005ceb943b073f8707afd91f468e87098c7add930cd97ea668de4937ec441fa6d593b5f9dd07b53a9949cdbf3187d11b864261d7d53eddea55b9d9a9d0ad82bf
-
SSDEEP
3072:EGPMlTjUYLCLoz12cFfi0HDYaKf7/t5uXwEdeTuTROMX9:ePaoUZOMHf7/tQ1eTQ7
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Detect Xworm Payload
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
7Credentials In Files
6Credentials in Registry
1