General

  • Target

    D8043D746DC108AC0966B502B68DDEABA575E841EDFA2.exe

  • Size

    472KB

  • Sample

    210930-cgjteagae4

  • MD5

    39aa03c8bedfeb3ffec83ea5dff33e47

  • SHA1

    52fcffd16126dfe192f5956edccb5259eb8c5b91

  • SHA256

    d8043d746dc108ac0966b502b68ddeaba575e841edfa269e8392a747c6d63015

  • SHA512

    fa9de9d657fcb8ca63aaf3180c7cdcf6c4053b4bbab0a43365ad5fc0104d7f20aa0d49021aaad7b25eb8c3a07c8343ffd7f2f4f684b9aa875771fd1df32ffa7c

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://www.11n.us/robin/index.php

Targets

    • Target

      D8043D746DC108AC0966B502B68DDEABA575E841EDFA2.exe

    • Size

      472KB

    • MD5

      39aa03c8bedfeb3ffec83ea5dff33e47

    • SHA1

      52fcffd16126dfe192f5956edccb5259eb8c5b91

    • SHA256

      d8043d746dc108ac0966b502b68ddeaba575e841edfa269e8392a747c6d63015

    • SHA512

      fa9de9d657fcb8ca63aaf3180c7cdcf6c4053b4bbab0a43365ad5fc0104d7f20aa0d49021aaad7b25eb8c3a07c8343ffd7f2f4f684b9aa875771fd1df32ffa7c

    • Azorult

      Azorult is an information stealer first observed in 2016; it harvests browsing history and saved browser passwords and sends them to the C2 above.

    • Adds Run key to start application
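The hashes and C2 URL above are the indicators a responder would take away from this report. The following script, added here as an illustration and not part of the original sandbox report, turns them into two hunts: it computes all four digests of a file and compares them to the report's values, and it grades Squid-style proxy-log URLs against the C2 indicator (an exact host-and-path match is high confidence; any other request to the same host is a lower-confidence lead). The log lines are constructed for the example and are not from the report; field positions assume Squid's native access-log format, where the URL is the seventh whitespace-separated field.

```python
"""Hunt for the indicators in the Azorult report above: the sample's file
hashes on disk and the C2 URL in web-proxy logs."""
import hashlib
from pathlib import Path
from urllib.parse import urlparse

# Indicators copied from the report above.
HASH_IOCS = {
    "md5": "39aa03c8bedfeb3ffec83ea5dff33e47",
    "sha1": "52fcffd16126dfe192f5956edccb5259eb8c5b91",
    "sha256": "d8043d746dc108ac0966b502b68ddeaba575e841edfa269e8392a747c6d63015",
    "sha512": "fa9de9d657fcb8ca63aaf3180c7cdcf6c4053b4bbab0a43365ad5fc0104d7f20aa0d49021"
              "aaad7b25eb8c3a07c8343ffd7f2f4f684b9aa875771fd1df32ffa7c",
}
C2_URL = "http://www.11n.us/robin/index.php"
C2 = urlparse(C2_URL)


def file_digests(data: bytes) -> dict:
    """Compute every digest the report publishes, so a match can be
    confirmed on whichever algorithm the local file inventory stores."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_IOCS}


def match_hashes(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals the report's value."""
    got = file_digests(data)
    return sorted(alg for alg, want in HASH_IOCS.items() if got[alg] == want.lower())


def match_hashes_for_path(path) -> list:
    """Convenience wrapper for a file on disk."""
    return match_hashes(Path(path).read_bytes())


def classify_url(url: str):
    """Grade a requested URL against the C2 indicator.

    'c2_url'  - same host and same path (scheme and port ignored, so a TLS
                variant of the same endpoint is still caught)
    'c2_host' - same host, different path (lower confidence lead)
    None      - unrelated
    """
    u = urlparse(url)
    host = (u.hostname or "").lower()  # .hostname is already lower-cased
    if host != C2.hostname:
        return None
    return "c2_url" if u.path == C2.path else "c2_host"


def scan_proxy_log(lines):
    """Scan Squid native access-log lines (URL is field index 6).
    Returns (line_no, verdict, client_ip, url) for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        verdict = classify_url(fields[6])
        if verdict:
            hits.append((n, verdict, fields[2], fields[6]))
    return hits


# Constructed sample log lines (not from the report); 203.0.113.0/24 and
# 10.0.0.0/8 are documentation / private ranges.
SAMPLE_LOG = [
    "1633000001.101 120 10.0.0.5 TCP_MISS/200 812 GET http://www.example.com/ - HIER_DIRECT/203.0.113.2 text/html",
    "1633000002.220 95 10.0.0.17 TCP_MISS/200 403 POST http://www.11n.us/robin/index.php - HIER_DIRECT/203.0.113.10 text/html",
    "1633000003.330 87 10.0.0.17 TCP_MISS/404 310 GET http://WWW.11n.us/favicon.ico - HIER_DIRECT/203.0.113.10 text/html",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("proxy hit:", hit)
    # The real sample is not embedded here, so this constructed buffer does not match.
    print("hash match:", match_hashes(b"not the sample"))
```

Hash matching is exact and therefore brittle: a repacked build of the same stealer will have different digests, so treat the proxy-log hunt (and the Run-key persistence noted above) as the more durable signal and the hashes as confirmation once a file is found.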

MITRE ATT&CK Matrix ATT&CK v6

Technique (ID): number of matching signatures

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    System Information Discovery (T1082): 1

The technique IDs above follow ATT&CK v6, as the report states. From ATT&CK v7 onward T1060 was retired and the same behaviour maps to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), and Scheduled Task is the sub-technique T1053.005; T1112 and T1082 keep their IDs. Translate the IDs before loading these mappings into tooling that uses a current version of the framework.

Tasks