General

  • Target

    6165ccf33902415f411c981a6ce740bc.bin

  • Size

    354KB

  • Sample

    230518-q5e21sbg24

  • MD5

    6165ccf33902415f411c981a6ce740bc

  • SHA1

    45b2bb7295ed87c63fa32d040a3fcb58c9451c1c

  • SHA256

    a7f8ea157b43f41eee62a257ff09d62745fc2951b7fd80edc223b30e4bf5432c

  • SHA512

    769e8a10a2c76fffa8c4d9f9c683c55545e552e12d72da8d6d0f2c1873ea560ea6d5e9dfc6dea63abcf4838c99f0d43ddb31d6ba3feb1f03f3a07d8b4d35703e

  • SSDEEP

    6144:h4SUjhtXAPCRVb0DLj5VpQzmNGxzED+c5H9ByjuGHK2Tb+w/dd4OK/FtbSJPB7A/:6XAPCDgjhQqyzED+c5HHyjO2nHld4dFj

Malware Config

Extracted

Family

azorult

C2

http://gkonekt.shop/PL341/index.php

Targets

    • Target

      6165ccf33902415f411c981a6ce740bc.bin

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, possibly to detect that it is running in a virtualized environment.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks