azorult

General

Target

99d4d18e906e44d3b08aede8237928a7a6866378516bd07695f2bca4fc8a954f
Size

1.0MB
Sample

220521-bq8nfsfdar
MD5

86105e7e57650439248e8ac3c1e8ffac
SHA1

647ce597bc8e8924e2dace60101323d8859d704e
SHA256

99d4d18e906e44d3b08aede8237928a7a6866378516bd07695f2bca4fc8a954f
SHA512

1844b5783cde603219e7e1fe8298a3cfbf5d5c376ec2f84c15f782633ded8dac51fba96c711b0dde70635a859bb7afc946d851c62ae8057636fde08229b7bcc1

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://217.160.254.33/index.php

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:03:03 AM MassLogger Started: 5/21/2022 4:02:44 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\TECHNICAL SHEET.exe MassLogger Melt: false MassLogger Exit after delivery: true As Administrator: True Processes:

Extracted

Credentials

Protocol: smtp
Host:
mail.mkontakt.az
Port:
587
Username:
[email protected]
Password:
Onyeoba111

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:02:39 AM MassLogger Started: 5/21/2022 4:02:08 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\TECHNICAL SHEET.exe MassLogger Melt: false MassLogger Exit after delivery: true As Administrator: True Processes:

Targets

- Target
  
  RFQ PC00056942.exe
- Size
  
  285KB
- MD5
  
  49226c62012170c00a4cccae8d61c363
- SHA1
  
  aa1af05c892e18e611f153263bd5582536243de6
- SHA256
  
  b7867882baba4d27ac04f4b537b20a90166c5d3c82247f84ed338cf7cafba649
- SHA512
  
  6a56506a92148ada8a9e0562fc6bc18c594cd4047108e9921d8d15ef5499b9628674b54ef37ed32a9c345c9c4ab43b4f983bd4ca77320da374991ef41f518da7
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  TECHNICAL SHEET.exe
- Size
  
  923KB
- MD5
  
  55126f1115a5e05fadd9d0f097273809
- SHA1
  
  f95d9e0be8191a2b3657584e5bcab782c1e36882
- SHA256
  
  d02c315a42a4a452a9e78011fbcce66f9f53bab788513d1b6f52e8fc70aa9f3c
- SHA512
  
  c2a8637b29326c90f1f8c828f7c762d9be203c1192a09f208b79c1d8627f82cd155bb5b5ac8a1ebc27338e7ff502d9f23c9b79a805e6b675afb7cd6f33585bab
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Suspicious use of SetThreadContext

MassLogger

MassLogger Main Payload

MassLogger log file

Checks computer location settings

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4