General

  • Target

    5ae1bdb1e26f55b91de15649f09504939491ea665c7f6a1fe4998543754a4e72

  • Size

    301KB

  • Sample

    221130-rk8n9sbc7x

  • MD5

    bebdb37751c64f1adc2a77ffd9fd18c2

  • SHA1

    1dcb04ddcd5d8fa1f954023359ad3713b8d1c857

  • SHA256

    5ae1bdb1e26f55b91de15649f09504939491ea665c7f6a1fe4998543754a4e72

  • SHA512

    a6ceaf39bdcb8751d7913788b3f80a2e5b8210484d87a3ea3349e94e7acf649c520e2e8b7a551be7e2535da58e214d4dd4eceb1dea57175cc37041504c6c7250

  • SSDEEP

    6144:3jFLDMAYloj1/L8YEAQwgG5hYm/jZOXhaO:3jNDMAzjN4YEAF2fX8O

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://illusionist.com.my/go/PL341/index.php

Targets

    • Target

      5ae1bdb1e26f55b91de15649f09504939491ea665c7f6a1fe4998543754a4e72

    • Size

      301KB

    • MD5

      bebdb37751c64f1adc2a77ffd9fd18c2

    • SHA1

      1dcb04ddcd5d8fa1f954023359ad3713b8d1c857

    • SHA256

      5ae1bdb1e26f55b91de15649f09504939491ea665c7f6a1fe4998543754a4e72

    • SHA512

      a6ceaf39bdcb8751d7913788b3f80a2e5b8210484d87a3ea3349e94e7acf649c520e2e8b7a551be7e2535da58e214d4dd4eceb1dea57175cc37041504c6c7250

    • SSDEEP

      6144:3jFLDMAYloj1/L8YEAQwgG5hYm/jZOXhaO:3jNDMAzjN4YEAF2fX8O

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks