Overview

overview

10

Static

static

56a7ba5c7f...e3.exe

windows7_x64

6

56a7ba5c7f...e3.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56a7ba5c7f4590079508c1b90bfd200d00838daee3fbcd5602d7299fa0cbc4e3.exe

  • Size

    1.4MB

  • Sample

    220521-yh3hssdba7

  • MD5

    ce63c7d7e1c6061821b2d9f8aa367b85

  • SHA1

    b033a872e912af46b61768c2e69c5884ae658425

  • SHA256

    56a7ba5c7f4590079508c1b90bfd200d00838daee3fbcd5602d7299fa0cbc4e3

  • SHA512

    1536ca01379edc70cfea6775768202ea6e7b7acd879527a6e3bd38f409a4994d01e8c22d9421ccc0bb67326de271eca1ca60f3ba27210560321664a8ed074cac

Score
10/10
azorultinfostealerpersistencetrojan

Malware Config

Extracted

Family

azorult

C2

http://bl1we4t.xyz/index.php

Targets

    • Target

      56a7ba5c7f4590079508c1b90bfd200d00838daee3fbcd5602d7299fa0cbc4e3.exe

    • Size

      1.4MB

    • MD5

      ce63c7d7e1c6061821b2d9f8aa367b85

    • SHA1

      b033a872e912af46b61768c2e69c5884ae658425

    • SHA256

      56a7ba5c7f4590079508c1b90bfd200d00838daee3fbcd5602d7299fa0cbc4e3

    • SHA512

      1536ca01379edc70cfea6775768202ea6e7b7acd879527a6e3bd38f409a4994d01e8c22d9421ccc0bb67326de271eca1ca60f3ba27210560321664a8ed074cac

    Score
    10/10
    persistenceazorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks