General

  • Target

    f0a25b2f346ae8c2d498d41e7cf0280a5de35a6312f2773b2c6baa6fabda7066

  • Size

    309KB

  • Sample

    221003-krh9mahcdm

  • MD5

    0b720ca391eda273f0743a513c4655fb

  • SHA1

    4e6378e61635acd1204ea6a12a8cabc62bab9d4d

  • SHA256

    f0a25b2f346ae8c2d498d41e7cf0280a5de35a6312f2773b2c6baa6fabda7066

  • SHA512

    7217d829db8a8ae645d1b0e865f3c2461ff97344a90472d682b098d8afd75cc447884161ff650defbdb869c5d63e2675d6cbefcb9e49c105fc97133cdc43d47c

  • SSDEEP

    3072:x4DN4LqnKFvFJt8aBOTKbepcQDI4Hss3C/MuhQb89gWCDT71hEbaFSkjiRrPwHq:xuqenKFKaUdpcQDl4/289ha+

Malware Config

Extracted

Family

azorult

C2

http://blsrsr.shop/PL341/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (2) T1081

  • Discovery

    Query Registry (1) T1012

    System Information Discovery (1) T1082

  • Collection

    Data from Local System (2) T1005

    Email Collection (1) T1114