General

  • Target

    2496ITPE21.r19

  • Size

    164KB

  • Sample

    210409-jl2fkj5pha

  • MD5

    303f82daaf1db53e55c4d86efe27314c

  • SHA1

    dcb7c7c7d28275c880d9a08bdbb5d40b1acfb45e

  • SHA256

    73aa930aa8bd8de617b66c8decc75a22908545c8736b17c6cc6623657886b95b

  • SHA512

    13dfd95f6665cf6c9ff6cad9c5cc0999ef27c5b1dab910704cb93bdab24cd0783ff53f3bd878b91685193f063753063a81dfb98c56e0c7955d6eb92262521a9f

Malware Config

  • Extracted

    Family: azorult

    C2: http://bengalcement.com.bd/AxPu/index.php

Targets

    • Target

      2496ITPE21.exe

    • Size

      310KB

    • MD5

      689e33a489d62c3156dc3169c3b4d27e

    • SHA1

      60ad37bd1e77d04038a5aa2ddc8302c88516bd2f

    • SHA256

      312354bee0e5c9ee675ee4e016f51399149a196eca5573d247e576b58bef0f12

    • SHA512

      1ae1ce6a9e15f49c544e295711c3e51a2c0bf94f1b97b83ede204b7eda59366eecc9a769df19c96e6fbd56ab4ccc50663b36207da7d29e9aafc2d8cc8c50a337

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    System Information Discovery (T1082): 2

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2