General

  • Target

    a1a96ef6b68b1d7ffad71f88ba85f414f7455cbd7abce1a4aa6b52613b109da4

  • Size

    1.2MB

  • Sample

    220521-a91xaaeehm

  • MD5

    53d3bfd42d255c505f734f236b12d652

  • SHA1

    bc943fe288d224253e85a7cea61ef500f9fef4bf

  • SHA256

    a1a96ef6b68b1d7ffad71f88ba85f414f7455cbd7abce1a4aa6b52613b109da4

  • SHA512

    e54ad5ebd40004d1a2d0f88cf779df9623174da4562c32d40e1762674481b350730008a9a6b533813b50afd807c6d39647e8be86ca0f5d5ce5258a76da7e5e9f

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://authsw.ir/jsam/deyur/index.php

Targets

    • Target

      PO_TSP_7.EXE

    • Size

      277KB

    • MD5

      5a5a176f9c645104bf3e27572d2148e7

    • SHA1

      ea8462e5eedeca91f5a5d20d9a255c451578142d

    • SHA256

      b5d8ecbbad8f720d76400be6e85391ad4930bc9d77870579a1f36d77960648db

    • SHA512

      7d952945839083a15c86f5a15d81231f47c2e987949b7368f458a11ac9fa330eebf452a11459c688bde5d4d0620dde0fca9d05d7c615d25fb16b9b8417af16b4

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks