General

  • Target

    Worksheet.exe

  • Size

    786KB

  • Sample

    210422-hv5h9kzhgj

  • MD5

    5facfb9ed998b8f292da114f84cabb06

  • SHA1

    98b47094b6be743971163327715cf052142ab7f7

  • SHA256

    b3b81c1169d7c9595f001b4b97fd871b78f3dbd7c1062df1587518219dafb7bd

  • SHA512

    a8c7c5004dce32e2d023954ebe04937a1860c9133a26d7186a0c22828d6747cb03e86ea4098c71c762c1572be54ca7e3d1d9357dafd636bb3b39ffcc0acb7163

Malware Config

Extracted

Family

azorult

C2

http://31.210.20.121/index.php

Targets

    • Target

      Worksheet.exe

    • Size

      786KB

    • MD5

      5facfb9ed998b8f292da114f84cabb06

    • SHA1

      98b47094b6be743971163327715cf052142ab7f7

    • SHA256

      b3b81c1169d7c9595f001b4b97fd871b78f3dbd7c1062df1587518219dafb7bd

    • SHA512

      a8c7c5004dce32e2d023954ebe04937a1860c9133a26d7186a0c22828d6747cb03e86ea4098c71c762c1572be54ca7e3d1d9357dafd636bb3b39ffcc0acb7163

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks