General

  • Target

    nv.exe

  • Size

    833KB

  • Sample

    210718-at8cdbzh3s

  • MD5

    43deb9e60877d57aba0d166976f9a735

  • SHA1

    12ff19d78c9e45c97b279e14761015f3bb02575a

  • SHA256

    7407ee3e8721c552cb38ffd1d8e35cd78838443499b51670b5175fdccb6d4961

  • SHA512

    2971576648dee5f860480f68695ab29288c8f4129230eb8d5ab8707ca5e649bd75a6451a288e68b6c73a73dfed6a9b374300df5f15769666d3433ac245caae27

Malware Config

Extracted

Family

azorult

C2

http://136.144.41.135/xox/index.php

Targets

    • Target

      nv.exe

    • Size

      833KB

    • MD5

      43deb9e60877d57aba0d166976f9a735

    • SHA1

      12ff19d78c9e45c97b279e14761015f3bb02575a

    • SHA256

      7407ee3e8721c552cb38ffd1d8e35cd78838443499b51670b5175fdccb6d4961

    • SHA512

      2971576648dee5f860480f68695ab29288c8f4129230eb8d5ab8707ca5e649bd75a6451a288e68b6c73a73dfed6a9b374300df5f15769666d3433ac245caae27

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Tasks