General

  • Target

    624e5509cedfb8121623c45d583c18e8fc351bf881aafb5c2de521fccba60240.exe

  • Size

    236KB

  • Sample

    210506-gn4jlqrjve

  • MD5

    41a8eefc3266fe55a90e522a016f54d4

  • SHA1

    a3a931064476409dd4114cf01668860ad5dab37c

  • SHA256

    624e5509cedfb8121623c45d583c18e8fc351bf881aafb5c2de521fccba60240

  • SHA512

    bb4085fc421c007d0612a795285cdd00a3615ec51055648520dd23f95a2f1f7e643ca106b3ea5863b569048b3aba2bae30c021e9237294596d98ed42d8bba85e

Malware Config

Extracted

Family

azorult

C2

http://bengalcement.com.bd/AxPu/index.php

Targets

    • Target

      624e5509cedfb8121623c45d583c18e8fc351bf881aafb5c2de521fccba60240.exe

    • Size

      236KB

    • MD5

      41a8eefc3266fe55a90e522a016f54d4

    • SHA1

      a3a931064476409dd4114cf01668860ad5dab37c

    • SHA256

      624e5509cedfb8121623c45d583c18e8fc351bf881aafb5c2de521fccba60240

    • SHA512

      bb4085fc421c007d0612a795285cdd00a3615ec51055648520dd23f95a2f1f7e643ca106b3ea5863b569048b3aba2bae30c021e9237294596d98ed42d8bba85e

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks