General

  • Target

    3c83b053d2e1996f3e5bc5d8bc483fdd3362c9e3a746fe05ef0f2cd7f050f2ea

  • Size

    981KB

  • Sample

    220703-h1zlvsaacm

  • MD5

    e8d1567ad668e268eda4cad7e03fcc55

  • SHA1

    19be22d86970dd2fd38291468fe96e4c077267df

  • SHA256

    3c83b053d2e1996f3e5bc5d8bc483fdd3362c9e3a746fe05ef0f2cd7f050f2ea

  • SHA512

    e33b4ee83d874573bf8a97f83d445e9a2cdbc9f11d3a29e85e0bfd95bc824a13b2fe479cc0eae49e4f60e3eab380e3657bf553855e03ffb565498b2c0e34d4c2

Malware Config

Extracted

Family

azorult

C2

http://bixtoj.gq/0117/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks