General

  • Target

    Proforma Invoice14042187605521.exe

  • Size

    153KB

  • Sample

    210414-9ehfgabakj

  • MD5

    84416741172c64875fd3a5bf65ad0d33

  • SHA1

    38a182bf622da5a8ba495d4c6abf57733e49520a

  • SHA256

    8d5b4d92380ec07bdb8ba955f67217995c5e32580a36f443f5f5b670aa1568fc

  • SHA512

    b45408a0b02510f19442e938197870648e72ae373b2054c626e5a2a3257c24f736b4b8e90466b411e5f0d5ce4e49c3b36b6ba65f4ba217de4f1af5c39222b2cd

Malware Config

Extracted

Family

azorult

C2

http://cupazo.co.in/TyBmo/index.php

Targets

    • Target

      Proforma Invoice14042187605521.exe

    • Size

      153KB

    • MD5

      84416741172c64875fd3a5bf65ad0d33

    • SHA1

      38a182bf622da5a8ba495d4c6abf57733e49520a

    • SHA256

      8d5b4d92380ec07bdb8ba955f67217995c5e32580a36f443f5f5b670aa1568fc

    • SHA512

      b45408a0b02510f19442e938197870648e72ae373b2054c626e5a2a3257c24f736b4b8e90466b411e5f0d5ce4e49c3b36b6ba65f4ba217de4f1af5c39222b2cd

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks