DYNAMIC ANALYSIS REPORT #6972548

Verdict: MALICIOUS
Classifications: Spyware, AZORult, Mal/Generic-S, C2/Generic-A
Threat Names: Trojan.GenericKD.37460607, Generic.Delph.PWS.FF722F75
Verdict Reason: -

Sample Type: Windows Exe (x86-32)
File Name: Pi Request.exe
ID: #2651190
MD5: 040026c9c18e8dc7ffc73f3790dbdf3b
SHA1: 70716c50c283b59eb9fd3137c68f9ff8a8824f56
SHA256: 0768f66b3f6ee8f9f32520837cee96da8d725c789d82ba16771bbad740b737ee
File Size: 456.00 KB
Report Created: 2021-08-23 14:07 (UTC+2)
Target Environment: win10_64_th2_en_mso2016 | exe

X-Ray Vision for Malware - www.vmray.com 1 / 37

OVERVIEW

VMRay Threat Identifiers (23 rules, 99 matches)

Score | Category        | Operation                                                | Count | Classification
5/5   | YARA            | Malicious content matched by YARA rules                  | 1     | Spyware
  • Rule "Azorult_Generic" from ruleset "Malware" has matched on a memory dump for (process #2) pi request.exe.
5/5   | Data Collection | Tries to read cached credentials of various applications | 1     | Spyware
  • Tries to read sensitive data of: Chromium, Sputnik, FileZilla, Pidgin, Comodo Dragon, Vivaldi, Torch, WinSCP, CocCoc, Chrome Canar... ...t Explorer / Edge, Google Chrome, Chedot, Comodo IceDragon, Cyberfox, Orbitum, Amigo, Mozilla Firefox, Kometa, CentBrowser, 7Star.
4/5   | Antivirus       | Malicious content was detected by heuristic scan         | 2     | -
  • Built-in AV detected the sample itself as "Trojan.GenericKD.37460607".
  • Built-in AV detected a memory dump of (process #2) pi request.exe as "Generic.Delph.PWS.FF722F75".
4/5   | Reputation      | Known malicious file                                     | 1     | -
  • Reputation analysis labels the sample itself as "Mal/Generic-S".
4/5   | Reputation      | Contacts known malicious URL                             | 1     | -
  • Reputation analysis labels the URL "208.167.239.179/index.php" which was contacted by (process #2) pi request.exe as "C2/Generic-A".
2/5   | Data Collection | Reads sensitive browser data                             | 23    | -
  • (Process #2) pi request.exe tries to read sensitive data of web browser "Mozilla Firefox" by file.