Extracted

• • Target

    cfc18a036f28fc7a233ed8daaf747998a84b66fe3bd91d5decc45d61f1e45382.exe

  • Size

    930KB

  • MD5

    18cb6529a2a76b61525e325c8bcb655c

  • SHA1

    6f8a09e90e79d3ee48c8ff76bb89f76adc7a2ca1

  • SHA256

    cfc18a036f28fc7a233ed8daaf747998a84b66fe3bd91d5decc45d61f1e45382

  • SHA512

    80edaa6f24461f814f9748f8f67fb901e8731e89024d7e0239220282204601b9e7ba727968cb7086a63d3154a8e703242ac915e88dd7110c75224d35bb7d938d

  • SSDEEP

    24576:PuA8nLoZQSVTkp2jT6RJNBIQll+hQT2jiux5f:1AoZBop2juRFIQlluQsx1

  Score

  10^/10

  discoveryexecutionazorultinfostealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Azorult family

    azorult

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Blocklisted process makes network request

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2

• • Target

    $PLUGINSDIR/nsExec.dll

  • Size

    6KB

  • MD5

    51e63a9c5d6d230ef1c421b2eccd45dc

  • SHA1

    c499cdad5c613d71ed3f7e93360f1bbc5748c45d

  • SHA256

    cd8496a3802378391ec425dec424a14f5d30e242f192ec4eb022d767f9a2480f

  • SHA512

    c23d713c3c834b3397c2a199490aed28f28d21f5781205c24df5e1e32365985c8a55be58f06979df09222740ffa51f4da764ebc3d912cd0c9d56ab6a33cab522

  • SSDEEP

    96:W7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:Iygp3FcHi0xhYMR8dMqJVgN

  Score

  8^/10

  discovery

  • Downloads MZ/PE file

  behavioral3behavioral4