General

  • Target

    JaffaCakes118_b536109b12ec8997266a6c403c538ebbe5fcb6f148920cd3441d777585d6a2ff

  • Size

    2.8MB

  • Sample

    241230-x4433sxmhv

  • MD5

    f40b7564a4d2e78157396342c2266260

  • SHA1

    d02fd117a7cf5b72fe458a425682a92030c2bc7c

  • SHA256

    b536109b12ec8997266a6c403c538ebbe5fcb6f148920cd3441d777585d6a2ff

  • SHA512

    bec212a51a7f36f293568052c3b11f11502a81dc9ae02b014b32efcb5f6dfba9a13fab9472f7fa5da989975d374ac72a617f7e85ce5a62d73f4e34dbc5e78ecb

  • SSDEEP

    49152:hr4lV1yGJ00DQfFPpRvB2naR/wM9b0ZxLpO+eVLtpM1JyIgvxdNuT/MxTqFo:t4JB5DsppPayDgZPO+eq14zfNc/20o

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://coronavirusstatus.space/index.php

Targets

    • Target

      Corona-virus-Map.com.bin

    • Size

      3.3MB

    • MD5

      73da2c02c6f8bfd4662dc84820dcd983

    • SHA1

      949b69bf87515ad8945ce9a79f68f8b788c0ae39

    • SHA256

      2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307

    • SHA512

      43daa65bc057abc5e07b909eb71361c8488863c7c8a4a271b426b06cb8c16d3f7db8e66051627a50d392ff088cd619e00a7ac075454dccf901a4271251c9c6e3

    • SSDEEP

      98304:r2cPK8o4ZhHpmaFDh62Z4BDksIslSOkXvR:iCKCZho6k2IDks/b8Z

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks