General

  • Target

    ba55368a4cbd51083a053855134ef2744b9d246191babfa7a74af7d86177a2b8

  • Size

    195KB

  • Sample

    220521-a9rcvaeegn

  • MD5

    c8d7748efec00f0e2c1dc3ba79414b82

  • SHA1

    c2bcf7aa180f7904a1cc417a4b0486d83370bdd4

  • SHA256

    ba55368a4cbd51083a053855134ef2744b9d246191babfa7a74af7d86177a2b8

  • SHA512

    dfd1bf1b500f6bb2e315f2f6db29dde96a8bbc1489705a0154d40675c0e62e8332f9532671df4e090b2fe407e0163792c5ec6e459de65adab579a198e846f8bf

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://51.116.180.53/index.php

Targets

    • Target

      PICTURE FOR ILLUSTRATION.exe

    • Size

      263KB

    • MD5

      835611e9c72462089c241d518923c5a3

    • SHA1

      dbc1c55264ce5e0f163341eacfa9c8869be78dc5

    • SHA256

      5447c2be0b0ec772c186a81fc56b8b1b30827b5298f1b05a9d6cb70e31a6901d

    • SHA512

      09811a7ba54651007a6b07fce2a79baafd1100d2742c82af6427829a9d3ae964565c629fa9fa8cc0d3fa182bf3ea4481cfa446fdb1218d905700ffd7061f3859

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Suspicious use of SetThreadContext
