General

  • Target: a3106e981a3c90e2512b5f67afdb8e8430fa3bc75cc11eab5541a7200ecd0fba.exe

  • Size: 684KB

  • Sample: 210120-q917hjjlz6

  • MD5: d0e647af8626999e69f866e7974f6419

  • SHA1: 81aeca85212c7a72b7ada8e491ce6d59b57e0da4

  • SHA256: a3106e981a3c90e2512b5f67afdb8e8430fa3bc75cc11eab5541a7200ecd0fba

  • SHA512: 330adcc7081b5bb3dd4042ebb81637e084373ce85b419466552ed164f78de2d848873aba3b64a4aa7ddb51b593174b952d7d6196c1bfaf091495126a569ab3c2

Malware Config

Extracted

  • Family: azorult

  • C2: http://195.245.112.115/index.php

Targets

    • Target: a3106e981a3c90e2512b5f67afdb8e8430fa3bc75cc11eab5541a7200ecd0fba.exe

    • Size: 684KB


    • Azorult: an information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks