General

  • Target

    dbf57bf7baf731e6ab815367c3f0c0735861500917d41b4f6f1ac04e9ad4ea43

  • Size

    232KB

  • Sample

    220520-hx9bwsabdq

  • MD5

    c4f720612a7e895dcf4426ebc8be6cd5

  • SHA1

    6ffd2b6365ca8b1a93607d6a10c1734049071343

  • SHA256

    dbf57bf7baf731e6ab815367c3f0c0735861500917d41b4f6f1ac04e9ad4ea43

  • SHA512

    b4a5b9e1eb91fef910a82e62c619fc75019d5f35c498587cc18e794b2371ba2949c40dd851b87367fbd91f842850165da3ae411de796652d77e2249f8cd9ee2b

Malware Config

Extracted

Family

azorult

C2

http://103.125.191.102/ssm/index.php

Targets

    • Target

      Voice_WAV.exe

    • Size

      597KB

    • MD5

      701132d3579a9ad10a166bc9642dd3fc

    • SHA1

      2f8e0017bd626ee6a14e12768265aad7aa9e9051

    • SHA256

      9aa293eaf7a59ecd7359c5ad700d50cef8fee1bd9f4d92831abda3f74226e31c

    • SHA512

      3c4ba95363398b3eac415f33eaea14abf3c54b71862cbc39d7ff5141a0464a46630a161d217215f6669ef469435ff46236bcca61584109fd4cfe7d0a78e1db1a

    • Azorult

      Azorult is an information stealer first observed in 2016; it harvests saved browser credentials and browsing history, among other data, and reports to the C2 URL extracted above.

    • Drops startup file

      A file was written to a Startup folder, a common persistence mechanism that survives reboot.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used for process hollowing or thread hijacking, where the entry point of a suspended thread is redirected to injected code; the signature flags the API use, not a confirmed injection target.
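The following is an added example (not part of the sandbox report) showing how the indicators above would be matched in practice: the C2 URL is split into host and path so that port and query variations are still caught, a few constructed Squid-style proxy log lines are scanned for traffic to the C2, and file hashes are checked against the MD5/SHA256 values from the report. The log lines and the client IPs in them are constructed for illustration.

```python
"""Match the Azorult indicators from this report against proxy logs and file hashes.
Added example; the log lines below are constructed, not taken from the report."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken from the report above.
C2_URL = "http://103.125.191.102/ssm/index.php"
SHA256_IOCS = {
    "dbf57bf7baf731e6ab815367c3f0c0735861500917d41b4f6f1ac04e9ad4ea43",  # submitted sample
    "9aa293eaf7a59ecd7359c5ad700d50cef8fee1bd9f4d92831abda3f74226e31c",  # Voice_WAV.exe
}
MD5_IOCS = {
    "c4f720612a7e895dcf4426ebc8be6cd5",  # submitted sample
    "701132d3579a9ad10a166bc9642dd3fc",  # Voice_WAV.exe
}

_c2 = urlsplit(C2_URL)
C2_HOST = _c2.hostname   # "103.125.191.102"
C2_PATH = _c2.path       # "/ssm/index.php"

# Constructed Squid-style access log (hypothetical clients 10.0.0.15 / 10.0.0.22).
# Fields: timestamp elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1653033601.123    45 10.0.0.15 TCP_MISS/200 1423 POST http://103.125.191.102/ssm/index.php - HIER_DIRECT/103.125.191.102 application/octet-stream
1653033602.456    12 10.0.0.15 TCP_MISS/200 5120 GET http://example.com/index.php - HIER_DIRECT/93.184.216.34 text/html
1653033603.789    30 10.0.0.22 TCP_MISS/404 310 GET http://103.125.191.102/other.php - HIER_DIRECT/103.125.191.102 text/html
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def classify(url):
    """Return 'c2' for a request to the exact C2 path, 'host' for any other
    request to the C2 host (worth triaging, weaker signal), else None.
    Host comparison ignores port; path comparison is exact and case-sensitive."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "host"


def scan_log(text):
    """Return (client, method, verdict) for every log line touching the C2 host."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than failing the scan
        verdict = classify(m.group("url"))
        if verdict:
            hits.append((m.group("client"), m.group("method"), verdict))
    return hits


def hash_matches(data):
    """Return which hash types of the given file bytes match the report's IOCs."""
    matched = set()
    if hashlib.sha256(data).hexdigest() in SHA256_IOCS:
        matched.add("sha256")
    if hashlib.md5(data).hexdigest() in MD5_IOCS:
        matched.add("md5")
    return matched


if __name__ == "__main__":
    for client, method, verdict in scan_log(SAMPLE_LOG):
        print(f"{client} {method} -> {verdict}")
    print(hash_matches(b"placeholder bytes, not the sample"))
```

Matching on host plus exact path, rather than on the full URL string, is deliberate: a beacon sent to a non-default port or with a query string would otherwise be missed, while unrelated requests to the same IP are still surfaced with the weaker "host" verdict for analyst triage.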
