General

  • Target

    37aa3833c138e4863d8df4066521ad81b920c5801663d7e7c9da8487f684db79.exe

  • Size

    1.4MB

  • Sample

    220514-q5nzxscdfm

  • MD5

    d0d83709bc59685b80a97eff453f2fa0

  • SHA1

    2b642a576e00f8bbe3272c65d7c11619b9590b48

  • SHA256

    37aa3833c138e4863d8df4066521ad81b920c5801663d7e7c9da8487f684db79

  • SHA512

    555555a12f53b775a58f7a2be5eb036bbbfb2ce602ef3fa0c33609205fe1d813151012d9cf348ea9b168b423e4e011f1a907d7603f6963d9e467ba9f6ac26d5c

Malware Config

Extracted

Family

azorult

C2

http://bl1we4t.xyz/index.php

Targets

    • Target

      37aa3833c138e4863d8df4066521ad81b920c5801663d7e7c9da8487f684db79.exe

    • Size

      1.4MB

    • MD5

      d0d83709bc59685b80a97eff453f2fa0

    • SHA1

      2b642a576e00f8bbe3272c65d7c11619b9590b48

    • SHA256

      37aa3833c138e4863d8df4066521ad81b920c5801663d7e7c9da8487f684db79

    • SHA512

      555555a12f53b775a58f7a2be5eb036bbbfb2ce602ef3fa0c33609205fe1d813151012d9cf348ea9b168b423e4e011f1a907d7603f6963d9e467ba9f6ac26d5c

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks