- * ID: 1709
- * MalFamily: "Azorult"
- * MalScore: 10.0
- * File Name: "AZORult_cc66a26a855d294b0f3817447fcb8246.exe"
- * File Size: 658432
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "85c886e2039791f85fdf3e9fe0e770f13ec0f7c0329fd6169f4c5d8e4539b219"
- * MD5: "cc66a26a855d294b0f3817447fcb8246"
- * SHA1: "cd484a064328515c0d51d4869788b6f4db553399"
- * SHA512: "053cf6636bdcb330fa218646dc27d9027324abaf8179a3b18870dbb90f83fffa2c2ad7e4bc6e121721243201bfcb23d04f3b3d892f67d7775bdff497e4884d8a"
- * CRC32: "2F21D793"
- * SSDEEP: "12288:zXaqBTC3kEFwmZZnbkEg5DD8LyTsEgc6dzTEb3N:zXpTNEumZZnbkEg5DD8uT5Id3a"
- * Process Execution:
- "1zfFyuGmqgN.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)"
- "Description": "Behavioural detection: Executable code extraction"
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details":
- "process": "1zfFyuGmqgN.exe, PID 3876"
- "Description": "Performs HTTP requests potentially not found in PCAP.",
- "Details":
- "url_ioc": "bruxara.com:80//index.php"
- "Description": "CAPE detected the Azorult malware family"
- "Description": "File has been identified by 22 Antiviruses on VirusTotal as malicious",
- "Details":
- "MicroWorld-eScan": "Gen:Variant.Fugrafa.4267"
- "FireEye": "Generic.mg.cc66a26a855d294b"
- "McAfee": "Packed-FVK!CC66A26A855D"
- "Cybereason": "malicious.643285"
- "Arcabit": "Trojan.Fugrafa.D10AB"
- "Symantec": "ML.Attribute.HighConfidence"
- "APEX": "Malicious"
- "BitDefender": "Gen:Variant.Fugrafa.4267"
- "Endgame": "malicious (high confidence)"
- "Emsisoft": "Gen:Variant.Fugrafa.4267 (B)"
- "Comodo": "TrojWare.Win32.Cerber.AV@6ffira"
- "McAfee-GW-Edition": "Packed-FVK!CC66A26A855D"
- "SentinelOne": "DFI - Suspicious PE"
- "GData": "Gen:Variant.Fugrafa.4267"
- "Acronis": "suspicious"
- "VBA32": "BScope.Exploit.Shellcode"
- "ALYac": "Gen:Variant.Fugrafa.4267"
- "MAX": "malware (ai score=81)"
- "Ad-Aware": "Gen:Variant.Fugrafa.4267"
- "ESET-NOD32": "a variant of Win32/Kryptik.GVYE"
- "CrowdStrike": "win/malicious_confidence_90% (W)"
- "Qihoo-360": "HEUR/QVM10.1.D71E.Malware.Gen"
- "Description": "Collects information to fingerprint the system"
- * Started Service:
- * Mutexes:
- "Local\\_!MSFTHISTORY!_",
- "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
- "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
- "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
- "A81FB8C6-0BBE6E18-6FC9B5DB-536DA455-933946726"
- * Modified Files:
- "\\??\\PIPE\\wkssvc",
- "\\??\\PIPE\\DAV RPC SERVICE",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat"
- * Deleted Files:
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MediaResources\\msvideo"
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "bruxara.com",
- "answers":
- * Domains:
- "ip": "91.211.246.23",
- "domain": "bruxara.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC:
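Added example, not part of the pasted report and not CAPE's own code: a small Python script that parses the flattened "- * Key: value" dump format above (an excerpt of the report is embedded inline so it runs offline), pulls out the network and host indicators, and cross-checks the report's fields against each other before anyone pastes them into a blocklist. The hash-length checks and the ssdeep block-size rule (start at 3, double until block size * 64 covers the file size) are standard; the observation that FireEye's and McAfee's generic names embed a prefix of the MD5 is taken from the two entries on this report; the URL normalisation (treating "bruxara.com:80//index.php" as host:port plus a path with a doubled slash from string joining) and the filter for WinINet/Internet Explorer cache mutexes are this example's own assumptions.

```python
import re

# Excerpt of the flattened CAPE report pasted above, embedded here (constructed from the
# page's own lines) so the script runs offline. Backslashes appear JSON-escaped as in the paste.
REPORT = r'''
- * MalFamily: "Azorult"
- * File Size: 658432
- * SHA256: "85c886e2039791f85fdf3e9fe0e770f13ec0f7c0329fd6169f4c5d8e4539b219"
- * MD5: "cc66a26a855d294b0f3817447fcb8246"
- * SHA1: "cd484a064328515c0d51d4869788b6f4db553399"
- * SSDEEP: "12288:zXaqBTC3kEFwmZZnbkEg5DD8LyTsEgc6dzTEb3N:zXpTNEumZZnbkEg5DD8uT5Id3a"
- "url_ioc": "bruxara.com:80//index.php"
- "FireEye": "Generic.mg.cc66a26a855d294b"
- "McAfee": "Packed-FVK!CC66A26A855D"
- * Mutexes:
- "Local\\_!MSFTHISTORY!_",
- "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
- "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
- "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
- "A81FB8C6-0BBE6E18-6FC9B5DB-536DA455-933946726"
- "request": "bruxara.com",
- "ip": "91.211.246.23",
- "domain": "bruxara.com"
'''

FIELD = re.compile(r'^- \* ([^:]+):\s*(.*)$')     # - * Key: value   (empty value = list header)
KV = re.compile(r'^- "([^"]+)":\s*"([^"]*)",?$')  # - "key": "value",
ITEM = re.compile(r'^- "([^"]*)",?$')             # - "bare list item",

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}
HEXDIGITS = set("0123456789abcdef")
# Assumption: these are the cache/cookie/history locks WinINet takes in any process that
# touches the IE cache, so they say nothing about the sample itself.
BENIGN_MUTEX_MARKERS = ("!msfthistory!", "content.ie5!", "!cookies!", "history.ie5!")


def parse_report(text):
    """Return {key: str} for scalar fields and {key: [str]} for list-valued ones."""
    fields, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FIELD.match(line):
            key, val = m.group(1), m.group(2).strip().strip('"')
            fields[key], section = (val, None) if val else ([], key)
        elif m := KV.match(line):
            fields.setdefault(m.group(1), []).append(m.group(2))
        elif (m := ITEM.match(line)) and section is not None:
            fields[section].append(m.group(1).replace('\\\\', '\\'))  # undo JSON escaping
    return fields


def expected_ssdeep_blocksize(size):
    """ssdeep's starting block size: 3, doubled until blocksize * 64 >= file size."""
    bs = 3
    while bs * 64 < size:
        bs *= 2
    return bs


def check_consistency(f):
    """Cross-check the report's own fields; every value should be True for a sane report."""
    md5 = f.get("MD5", "").lower()
    out = {}
    for name, n in HEX_LEN.items():
        v = f.get(name, "").lower()
        out[name + "_wellformed"] = len(v) == n and set(v) <= HEXDIGITS
    fe = f.get("FireEye", [""])[0]              # Generic.mg.<md5 prefix>
    mc = f.get("McAfee", [""])[0]               # <family>!<MD5 prefix, upper case>
    out["fireeye_prefix_is_md5"] = fe.startswith("Generic.mg.") and md5.startswith(fe[len("Generic.mg."):])
    out["mcafee_suffix_is_md5"] = "!" in mc and md5.startswith(mc.split("!", 1)[1].lower())
    bs_str, first_chunk, _ = f["SSDEEP"].split(":")
    bs, start = int(bs_str), expected_ssdeep_blocksize(int(f["File Size"]))
    # ssdeep only steps down from the size-derived start when the first chunk hash is < 32 chars.
    out["ssdeep_blocksize_is_3x2^k"] = bs % 3 == 0 and (bs // 3) & (bs // 3 - 1) == 0 and bs <= start
    out["ssdeep_blocksize_is_start"] = bs == start and len(first_chunk) >= 32
    return out


def normalize_url(u):
    """Assumption: url_ioc is host[:port] + path; the doubled slash is a join artifact."""
    hostport, _, path = u.partition("/")
    host, _, port = hostport.partition(":")
    scheme = "https" if port == "443" else "http"
    authority = host if port in ("", "80", "443") else f"{host}:{port}"
    return f"{scheme}://{authority}/{path.lstrip('/')}"


def extract_iocs(f):
    """Collect blockable indicators, dropping generic WinINet mutexes."""
    mutexes = f.get("Mutexes", [])
    benign = [m for m in mutexes if any(t in m.lower() for t in BENIGN_MUTEX_MARKERS)]
    return {
        "domains": sorted(set(f.get("domain", []) + f.get("request", []))),
        "ips": sorted(set(f.get("ip", []))),
        "urls": [normalize_url(u) for u in f.get("url_ioc", [])],
        "hashes": {k: f[k].lower() for k in HEX_LEN if k in f},
        "mutexes": [m for m in mutexes if m not in benign],
        "benign_mutexes_dropped": len(benign),
    }


if __name__ == "__main__":
    fields = parse_report(REPORT)
    for name, ok in check_consistency(fields).items():
        print(f"{name:30s} {ok}")
    print(extract_iocs(fields))
```

On this report every check passes: the three hashes are well formed, both engine names agree with the MD5, and 12288 is exactly the ssdeep block size a 658432-byte file starts at. Four of the five mutexes are dropped as Internet Explorer cache locks; the one that remains, A81FB8C6-0BBE6E18-6FC9B5DB-536DA455-933946726, looks host-specific and the report does not say how it is derived, so treat it as a lead to confirm against a second detonation rather than as a published indicator.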