General

  • Target

    2014c919774db3d52dc854fcbc46755ff0932264fe0b0f39a23ad3911eccb8d9

  • Size

    270KB

  • Sample

    220520-p9jekacge8

  • MD5

    850a013c96e3a26b0a7fad8089b04534

  • SHA1

    d5335541b242df888df48a96875a1a55635efdc7

  • SHA256

    2014c919774db3d52dc854fcbc46755ff0932264fe0b0f39a23ad3911eccb8d9

  • SHA512

    55382684af8c3847008e0e3428351a43b383237699f2b2ff1d300078460abce170c4b0ba573aba118fda982b662089d2ba162d65124cf5e2cf8213fb50962ae4

Malware Config

Extracted

Family

azorult

C2

http://iscm.edu.ar/gold/32/index.php

Targets

    • Target

      quotation request.exe

    • Size

      401KB

    • MD5

      c37ea1e38b61b559cfa79afd09e142aa

    • SHA1

      746ca5a9ed2635bcca39b3fd6098d6cc2ed2d197

    • SHA256

      ff2a69d6c6bf6bce9060d0570e2aec5f88a964c46736e3860152895cf94449f2

    • SHA512

      83417481aa31c748253e67f022fe237173af36ca098fdceffc37adb78e109cbf4ae62df9965f6ad3f063f7ca055dddb6f3fb41deca0bc1f6edbc914ede8eef96

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M14

    • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks