Overview

overview

10

Static

static

1

Подтв...ы.exe

windows7-x64

10

Подтв...ы.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Подтверждение оплаты.exe

  • Size

    183KB

  • Sample

    230313-h2gsfaha76

  • MD5

    f99952ddfded19b9ee7c0fd893bc67c3

  • SHA1

    68674af1e9ca690a3e2f2c693b2b1b8601a86aa9

  • SHA256

    35f51638db79fc84e255ab2062e9bd239faf523ff161cbcc613159d4db8a5a50

  • SHA512

    759b8956572877261e4676485e1a498227e07b796924e323cdfb0d7c7f5a9f779d5f4528b8006348b7f6302fecbf9683dbe6159163b90b85ee3b0b178d7eac8d

  • SSDEEP

    3072:GfY/TU9fE9PEtuMTSkvV0bM6/vS1RrSs3HT+1ze/8kP6uVeYxqJwTT7AbLPNZgVK:wYa60BAnSHrJy6RAJwTaYVK

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://85.31.45.29/office/index.php

Targets

    • Target

      Подтверждение оплаты.exe

    • Size

      183KB

    • MD5

      f99952ddfded19b9ee7c0fd893bc67c3

    • SHA1

      68674af1e9ca690a3e2f2c693b2b1b8601a86aa9

    • SHA256

      35f51638db79fc84e255ab2062e9bd239faf523ff161cbcc613159d4db8a5a50

    • SHA512

      759b8956572877261e4676485e1a498227e07b796924e323cdfb0d7c7f5a9f779d5f4528b8006348b7f6302fecbf9683dbe6159163b90b85ee3b0b178d7eac8d

    • SSDEEP

      3072:GfY/TU9fE9PEtuMTSkvV0bM6/vS1RrSs3HT+1ze/8kP6uVeYxqJwTT7AbLPNZgVK:wYa60BAnSHrJy6RAJwTaYVK

    Score
    10/10
    azorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks