General

  • Target

    2f44a85e551b92871c892d9ff098673868e5a61b157a722e47e505c835549f09

  • Size

    1.2MB

  • Sample

    220520-3bqymsbefk

  • MD5

    af6f2dab0c8b2798717dd76b0707e696

  • SHA1

    b9deca68056c397d246804f9bb0bae594411daa8

  • SHA256

    2f44a85e551b92871c892d9ff098673868e5a61b157a722e47e505c835549f09

  • SHA512

    02557b50b39ae73fc19401dfd5c37cf2d25a6f0dfdabfd2501f4626b1ae513c2a633bd5bdd94985443dabc3561dbcf56bdfc070fa8beb570fff4f9ee53dd35b9

Malware Config

Extracted

Family

azorult

C2

http://charle03.testok.testforhost.com/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6