Overview

overview

10

Static

static

1

ADDCDF9E3B...F4.exe

windows7-x64

10

ADDCDF9E3B...F4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ADDCDF9E3BAC722442FB269492FEA86E91D4E97EE5DF4.exe

  • Size

    8.0MB

  • Sample

    230325-qphszaeh91

  • MD5

    1ac70328ce1dea448647022c5b360a67

  • SHA1

    4f295ccfc7b7a2eeeec53df66d22743dbac301a6

  • SHA256

    addcdf9e3bac722442fb269492fea86e91d4e97ee5df4ca5c03515d534fb0c51

  • SHA512

    26192e10e1b095739fd2b193c199aa689b0f7d26d57bef9718ef1cee41b95e5b4113cc987cd1847a7a1f3e727f0601099bde92591d3e153ddb37fa36e4f897c5

  • SSDEEP

    196608:oKFIqkBPpjIwzMYsK6fg4/Lovsc+eQ5AdlH3sxAPflIKap:vkFAYsrfx8vJ+eQAd5sxAPmfp

Score
10/10
azorultdiscoveryinfostealertrojanvmprotect

Malware Config

Extracted

Family

azorult

C2

http://f0355889.xsph.ru/Panel/index.php

Targets

    • Target

      ADDCDF9E3BAC722442FB269492FEA86E91D4E97EE5DF4.exe

    • Size

      8.0MB

    • MD5

      1ac70328ce1dea448647022c5b360a67

    • SHA1

      4f295ccfc7b7a2eeeec53df66d22743dbac301a6

    • SHA256

      addcdf9e3bac722442fb269492fea86e91d4e97ee5df4ca5c03515d534fb0c51

    • SHA512

      26192e10e1b095739fd2b193c199aa689b0f7d26d57bef9718ef1cee41b95e5b4113cc987cd1847a7a1f3e727f0601099bde92591d3e153ddb37fa36e4f897c5

    • SSDEEP

      196608:oKFIqkBPpjIwzMYsK6fg4/Lovsc+eQ5AdlH3sxAPflIKap:vkFAYsrfx8vJ+eQAd5sxAPmfp

    Score
    10/10
    azorultdiscoveryinfostealertrojanvmprotect

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks