General

  • Target

    New Order.exe

  • Size

    1.4MB

  • Sample

    210118-7k3j4j4tl6

  • MD5

    fa74845f2f8dfe23104fc2d762ff1cf3

  • SHA1

    d402a70bc46d674be59091f9ef5822e19b730668

  • SHA256

    927a71433b9a6319596f77cd464971f343b5cdb6adb8b8ecce9f209ea7314f40

  • SHA512

    148adda151b8d07ebed7144db5799353892bc226c8dc01aa2c7c61fac34a2413e7f978f3303eff9baceba11f33ec71a4c8f6120da47c76da4fecd815deb8abb8

Malware Config

Extracted

Family

azorult

C2

http://45.137.22.102/index.php

Targets

    • Target

      New Order.exe


    • Azorult

      Information stealer first observed in 2016. It harvests browsing history, saved browser credentials and cookies, and is commonly used as a first-stage loader that fetches further payloads from its C2.

    • Loads dropped DLL (a DLL written to disk during execution is subsequently loaded)

    • JavaScript code in executable (embedded script found inside the binary)

    • Suspicious use of SetThreadContext (rewriting a thread's context in another process is the usual process-hollowing / code-injection pattern)
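The hashes and the extracted C2 above are the two artefacts an analyst actually reuses: the hashes to confirm a file found on an endpoint is this sample, the C2 to sweep proxy logs for hosts that beaconed to it. The script below is an added example and not part of the original report. It embeds the report's hash set and C2 URL, checks a file against all four digests, and scans proxy log lines (the log format and the sample lines are constructed for illustration) for requests to the C2 host. Matching is done on the parsed hostname rather than by substring, so a neighbouring address such as 45.137.22.103 is not mistaken for the C2, and a request to the same host on another port or path is still reported; a POST to the configured path is flagged separately as a likely beacon.

```python
import hashlib
from urllib.parse import urlparse

# IOCs copied from the report above.
REPORT_HASHES = {
    "md5": "fa74845f2f8dfe23104fc2d762ff1cf3",
    "sha1": "d402a70bc46d674be59091f9ef5822e19b730668",
    "sha256": "927a71433b9a6319596f77cd464971f343b5cdb6adb8b8ecce9f209ea7314f40",
    "sha512": "148adda151b8d07ebed7144db5799353892bc226c8dc01aa2c7c61fac34a2413e7f978f3303eff9baceba11f33ec71a4c8f6120da47c76da4fecd815deb8abb8",
}
C2_URL = "http://45.137.22.102/index.php"


def file_hashes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison (case-insensitive) against the report's hashes."""
    actual = file_hashes(data)
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()}


def is_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if all four digests agree with the report."""
    return all(matches_report(data, expected).values())


def scan_proxy_log(log_text: str, c2_url: str = C2_URL) -> list:
    """Return requests whose host is the C2 host.

    Assumed (constructed) log format, one request per line:
        <timestamp> <client-ip> <method> <url> <status> <bytes>
    Each hit records the client and whether it looks like an Azorult
    beacon (an HTTP POST to the configured C2 path).
    """
    c2 = urlparse(c2_url)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line
        ts, client, method, url = parts[:4]
        u = urlparse(url)
        # hostname drops any :port, so 45.137.22.102:8080 still matches,
        # while 45.137.22.103 (a different host) does not.
        if u.hostname != c2.hostname:
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "method": method.upper(),
            "host": u.hostname,
            "path": u.path,
            "beacon": method.upper() == "POST" and u.path == c2.path,
        })
    return hits


# Constructed proxy log lines for demonstration (not real traffic).
SAMPLE_LOG = """\
2021-01-18T07:12:01Z 10.0.0.15 GET http://example.com/ 200 512
2021-01-18T07:12:03Z 10.0.0.15 POST http://45.137.22.102/index.php 200 1532
2021-01-18T07:12:09Z 10.0.0.22 GET http://45.137.22.102:8080/update.bin 404 0
2021-01-18T07:13:40Z 10.0.0.15 POST http://45.137.22.103/index.php 200 77
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("matches report:", matches_report(fh.read()))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Run it with a path argument to compare a file on disk against the report's hashes; without arguments it only scans the constructed log and reports the beaconing client 10.0.0.15 and the weaker hit from 10.0.0.22.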

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  1 × Scheduled Task (T1053)

Persistence

  1 × Scheduled Task (T1053)

Privilege Escalation

  1 × Scheduled Task (T1053)

Discovery

  1 × Query Registry (T1012)

  1 × System Information Discovery (T1082)
