General

  • Target

    5521b4dbfdf622e74454581314c71ca803c42741008cadfab09e15d0359c8ab0

  • Size

    312KB

  • Sample

    220701-gx7mmahac6

  • MD5

    67d0b05b703c0f79adbc514f2067642e

  • SHA1

    3bb6a831f5d95da2da44d26ae9c6b35851f49829

  • SHA256

    5521b4dbfdf622e74454581314c71ca803c42741008cadfab09e15d0359c8ab0

  • SHA512

    0c9a151e6fa88732107fa482c01d80596bd3299f4d37a3860f742d28550ef9f25f3132c3ace23cfd70c39f6a87549305e04f1b7d7555e83fd1c4548cef300d50

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      5521b4dbfdf622e74454581314c71ca803c42741008cadfab09e15d0359c8ab0

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks