Extracted

• • Target

    722ef401e5cbb067c5c33faa402774d3c75ef08e0c8cc4d7e66a9cfa53684088.exe

  • Size

    483KB

  • MD5

    7a0093c743fc33a5e111f2fec269f79b

  • SHA1

    feadb2ca02d41f2d834b8577f39a582d4bdd734f

  • SHA256

    722ef401e5cbb067c5c33faa402774d3c75ef08e0c8cc4d7e66a9cfa53684088

  • SHA512

    77cade5a9e48f8d1da6e689a7881b23a1be165f1be8f26059458766e6fc4db8c03c058beb19dd0f644aebd218371ef487fe31a086e6fbc7089976d0802010eee

  • SSDEEP

    12288:9ydPkF/ZAC8I1SkXHmjQ961/Tl9/EHDO2wb:U+F/ZA/8SkXx61LIHDO

  Score

  10^/10

  azorultdiscoveryexecutioninfostealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Azorult family

    azorult

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2