General

  • Target

    1d2acf43ac10c3f9834b217a9f17c1dc8ab04261b5e5c7a1309ab2ab42bd5e15

  • Size

    656KB

  • Sample

    201111-vf4dd1ph62

  • MD5

    cdefb178bd5917366f1ec0ad015e180f

  • SHA1

    6a7ea8fba21da4941dd9dccf111abc6788b97b34

  • SHA256

    1d2acf43ac10c3f9834b217a9f17c1dc8ab04261b5e5c7a1309ab2ab42bd5e15

  • SHA512

    fc61d3a836d67f72191c5641a817b650491bb468d035f3f180b3213f23effdba758144d9975caa4fd69925ff56eacea1ed2b1fe5c549812b89d61cb1899a88f1

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://tong-honq.com/azo/amon/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
