General

  • Target

    3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9.exe

  • Size

    662KB

  • Sample

    210120-3bm1qqwzmx

  • MD5

    06904ee5e04abada43cb86d7a0457b5e

  • SHA1

    749902ad199c0c1063ec0c0150db410f8579c54b

  • SHA256

    3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9

  • SHA512

    cb79a70da1d32501ed647b69198804eb37774624910b97a600c0a07a0aacd54ca1eec6e42261e4df7f4590c746e573aae4ace775d21d22577d472cc31cdd5016

Malware Config

Extracted

Family

azorult

C2

http://al-ifah.com/PL341/index.php

Targets

    • Target

      3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9.exe

    • Size

      662KB

    • MD5

      06904ee5e04abada43cb86d7a0457b5e

    • SHA1

      749902ad199c0c1063ec0c0150db410f8579c54b

    • SHA256

      3827b74e0bdab2de9236a5157690e90526a50d128e18f869b3d283c1a09069e9

    • SHA512

      cb79a70da1d32501ed647b69198804eb37774624910b97a600c0a07a0aacd54ca1eec6e42261e4df7f4590c746e573aae4ace775d21d22577d472cc31cdd5016

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Discovery

Query Registry

4
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Tasks