New Order.exe

General
Target

New Order.exe

Size

785KB

Sample

210421-jf8t9t45an

Score
10 /10
MD5

23df9b65361d18bcbab8d29f6a0b99c8

SHA1

f895389d4f366f7fcdced202ea7357195d8a8373

SHA256

fe740b0963f4003fcffab9a6455b66c78b1844c5b48fe0e61a68804484620f65

SHA512

09057fb93f8d1faa032b3414e1c34b804047eec36443d24242f568c96261f85629f487ab4373c6540e8f34d1d583182867bc3e9f0bb030c1faa4d508f27b8d44

Malware Config

Extracted

Family azorult
C2

http://149.248.35.254/index.php

Targets
Target

New Order.exe

MD5

23df9b65361d18bcbab8d29f6a0b99c8

Filesize

785KB

Score
10 /10
SHA1

f895389d4f366f7fcdced202ea7357195d8a8373

SHA256

fe740b0963f4003fcffab9a6455b66c78b1844c5b48fe0e61a68804484620f65

SHA512

09057fb93f8d1faa032b3414e1c34b804047eec36443d24242f568c96261f85629f487ab4373c6540e8f34d1d583182867bc3e9f0bb030c1faa4d508f27b8d44

Tags

Signatures

  • Azorult

    Description

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10