General

  • Target

    9aa293eaf7a59ecd7359c5ad700d50cef8fee1bd9f4d92831abda3f74226e31c

  • Size

    597KB

  • Sample

    220520-hx8qcsfbc8

  • MD5

    701132d3579a9ad10a166bc9642dd3fc

  • SHA1

    2f8e0017bd626ee6a14e12768265aad7aa9e9051

  • SHA256

    9aa293eaf7a59ecd7359c5ad700d50cef8fee1bd9f4d92831abda3f74226e31c

  • SHA512

    3c4ba95363398b3eac415f33eaea14abf3c54b71862cbc39d7ff5141a0464a46630a161d217215f6669ef469435ff46236bcca61584109fd4cfe7d0a78e1db1a

Malware Config

  • Extracted

    Family

      azorult

    C2

      http://103.125.191.102/ssm/index.php

Targets

    • Target

      9aa293eaf7a59ecd7359c5ad700d50cef8fee1bd9f4d92831abda3f74226e31c

    • Size

      597KB

    • MD5

      701132d3579a9ad10a166bc9642dd3fc

    • SHA1

      2f8e0017bd626ee6a14e12768265aad7aa9e9051

    • SHA256

      9aa293eaf7a59ecd7359c5ad700d50cef8fee1bd9f4d92831abda3f74226e31c

    • SHA512

      3c4ba95363398b3eac415f33eaea14abf3c54b71862cbc39d7ff5141a0464a46630a161d217215f6669ef469435ff46236bcca61584109fd4cfe7d0a78e1db1a

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks