Overview

overview

10

Static

static

48dfca30e7...8d.exe

windows7-x64

10

48dfca30e7...8d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48dfca30e793c613e9b56746f74408017a634fbc196b0f0eeea621ff89c5268d

  • Size

    1.8MB

  • Sample

    221130-pwj4yabb87

  • MD5

    fc973cbac8e6c4fed818e1266862b18c

  • SHA1

    a2420a8d7916d420e3f69d39c6a8892fbbf3a020

  • SHA256

    48dfca30e793c613e9b56746f74408017a634fbc196b0f0eeea621ff89c5268d

  • SHA512

    0d40206a13719070c0736d5de3932b9a6870eff220028ed3baaa8ffd3bc29e853bfa2391b0eba7eeb7ad1ba8d1473da257139619623b8f664590ccfa84c495f6

  • SSDEEP

    49152:cE6wpGMVLa1VTn/g0Od3IylIELsXrDMK43:cYx4Xn/gJxIy6xXrIK4

Score
10/10
azorultevasioninfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      48dfca30e793c613e9b56746f74408017a634fbc196b0f0eeea621ff89c5268d

    • Size

      1.8MB

    • MD5

      fc973cbac8e6c4fed818e1266862b18c

    • SHA1

      a2420a8d7916d420e3f69d39c6a8892fbbf3a020

    • SHA256

      48dfca30e793c613e9b56746f74408017a634fbc196b0f0eeea621ff89c5268d

    • SHA512

      0d40206a13719070c0736d5de3932b9a6870eff220028ed3baaa8ffd3bc29e853bfa2391b0eba7eeb7ad1ba8d1473da257139619623b8f664590ccfa84c495f6

    • SSDEEP

      49152:cE6wpGMVLa1VTn/g0Od3IylIELsXrDMK43:cYx4Xn/gJxIy6xXrIK4

    Score
    10/10
    azorultevasioninfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks