General

  • Target

    DEKONT.exe

  • Size

    338KB

  • Sample

    210624-8vqyhvgdz2

  • MD5

    24676c7286358c4db1b693c07032b737

  • SHA1

    bb0377a8fdd9b8a7b16d4932f76d5c6dd2cb193d

  • SHA256

    08bb58c8a18dae95ca3131728861a226549301b13e23d7adff0ac5d94e75129a

  • SHA512

    0e625ad092ccc6b10ad49061ae69f0ea92eeb70511f8dea22f6058d91fc0ac0c3d5f3dac1a91f13d6e1275b955fdf16ba7a9a42013208dd1b7e8199c8e3f7a8c

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://smkn1cilegon.sch.id/huPI/index.php
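A small IOC matcher built from the indicators on this page, added here as an example; it is not part of the Triage report or of any AzoRult tooling. It checks that the listed hashes are well-formed (the usual copy-paste failure when moving IOCs into a blocklist), compares a file's digests against them, and scans proxy log lines for the extracted C2. The log line format and the file bytes are constructed for the demo. The separate "host-only" verdict is there because the C2 sits on a .sch.id (Indonesian school) domain, which most likely means a compromised legitimate site, so traffic to the host alone is weaker evidence than a hit on the full host plus path.

```python
"""IOC matcher built from the indicators on this page. Added example, not
part of the Triage report. File bytes and proxy log lines below are
constructed for the demo; the real DEKONT.exe sample is not embedded."""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "24676c7286358c4db1b693c07032b737",
    "sha1": "bb0377a8fdd9b8a7b16d4932f76d5c6dd2cb193d",
    "sha256": "08bb58c8a18dae95ca3131728861a226549301b13e23d7adff0ac5d94e75129a",
    "sha512": ("0e625ad092ccc6b10ad49061ae69f0ea92eeb70511f8dea22f6058d91fc0ac0c"
               "3d5f3dac1a91f13d6e1275b955fdf16ba7a9a42013208dd1b7e8199c8e3f7a8c"),
}
C2_URL = "http://smkn1cilegon.sch.id/huPI/index.php"

# Hex length of each digest; catches truncated or mis-pasted indicators.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(hashes=IOC_HASHES):
    """Return {name: bool}: is each listed hash lowercase hex of the right length?"""
    return {
        name: len(val) == DIGEST_HEX_LEN[name]
        and all(c in "0123456789abcdef" for c in val)
        for name, val in hashes.items()
    }


def digests(data: bytes):
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_HEX_LEN}


def matches_sample(data: bytes, hashes=IOC_HASHES):
    """True only if every listed digest matches; one mismatch means a
    different file (or a corrupted indicator)."""
    d = digests(data)
    return all(d[name] == val.lower() for name, val in hashes.items())


def _host_path(url: str):
    p = urlparse(url)
    # .hostname drops the port and lowercases, so "HOST:80/x" still matches.
    return (p.hostname or ""), p.path


C2_HOST, C2_PATH = _host_path(C2_URL)


def classify_request(url: str):
    """'c2' for the exact host+path, 'host-only' for other traffic to the same
    host (weaker evidence, likely a compromised legitimate site), else 'none'."""
    host, path = _host_path(url)
    if host != C2_HOST:
        return "none"
    return "c2" if path == C2_PATH else "host-only"


def scan_proxy_log(lines):
    """Scan constructed-format proxy lines '<ts> <client_ip> <method> <url> ...'
    and return (client_ip, verdict, url) for every line touching the C2 host."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the sweep
        client_ip, url = fields[1], fields[3]
        verdict = classify_request(url)
        if verdict != "none":
            hits.append((client_ip, verdict, url))
    return hits


# Constructed demo input: not real traffic.
SAMPLE_LOG = [
    "2021-06-24T10:12:03Z 10.0.0.15 POST http://smkn1cilegon.sch.id/huPI/index.php 200 1342",
    "2021-06-24T10:12:04Z 10.0.0.15 GET http://example.com/ 200 512",
    "2021-06-24T10:13:10Z 10.0.0.22 GET http://SMKN1CILEGON.sch.id/ 200 8801",
    "2021-06-24T10:14:00Z 10.0.0.31 POST http://smkn1cilegon.sch.id:80/huPI/index.php 200 1290",
]

if __name__ == "__main__":
    print(validate_iocs())
    print(matches_sample(b"not the sample"))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

To use it against real data, feed `matches_sample` the bytes of a quarantined file and `scan_proxy_log` lines adapted to your proxy's field order; the classifier deliberately compares host and path rather than the raw URL string so that case, scheme and an explicit port do not cause misses.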

Targets

    • Target

      DEKONT.exe

      (size and hashes as listed under General above)

    • Azorult

      An information stealer, first seen in 2016, that harvests saved passwords and browsing history from the infected host.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (commonly a component of process hollowing or thread-hijacking injection)

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • System Information Discovery (T1082): 1 signature
