Overview

overview

10

Static

static

Bitdefende...en.exe

windows7_x64

10

Bitdefende...en.exe

windows10_x64

10

Resubmissions

28-07-2021 23:12

210728-raqax3y1p6 10

21-03-2021 22:47

210321-bbqpxkhz8x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bitdefender.V10.f.r.Vista.keygen.zip

  • Size

    4.4MB

  • Sample

    210728-raqax3y1p6

  • MD5

    38372c1f099a9191dc803d22b3b5c9e6

  • SHA1

    25836ee64483bfe6273ca120a918d9d8b87aa9da

  • SHA256

    26111363366c2407a77c92724b16a8b0403b0f4f0ce5a0fc6f2f318a08e64cda

  • SHA512

    ab44e65b34105fe3e3052185f9a45bc4ea681caa8bca5edcd314a5860a4ab838073976290deb546cd35e8a88c8ca3145aa4f576e62b77fa0811380f2fd8ff3ff

Score
10/10
azorultponydiscoveryinfostealerpersistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

azorult

C2

http://kvaka.li/1210776429.php

Targets

    • Target

      Bitdefender.V10.f.r.Vista.keygen.exe

    • Size

      4.5MB

    • MD5

      184443aa7af874f2863252aa00d4b2dd

    • SHA1

      ecdbf97ba8e921cefc20a9c0033b0d99b658d183

    • SHA256

      97fce777966677d4558fbc1106efbd017a4ecbee65c4c652478405a9e171346b

    • SHA512

      6ebb27edf76dfb15726b712835158e16ed5dc064a29750766e15b12e37e18e1e8e7c23f5a3b428816c27fcbd67e611ed88cdbc1e54b2dd3fb82a16b34f915b33

    Score
    10/10
    azorultponydiscoveryinfostealerpersistenceratspywarestealersuricatatrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M16

      suricata

    • suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M3

      suricata

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks