General

  • Target

    6471f1c24df8a904cc1082929f46c4acfd9ce5e93128b74e50968b627580ea81_JC.exe

  • Size

    197KB

  • Sample

    230815-s1w6vadd6t

  • MD5

    550dd68e9716d6e149608db46e72ed4c

  • SHA1

    111772b5f2fff7502a4bde6a2128ea114e1a0101

  • SHA256

    6471f1c24df8a904cc1082929f46c4acfd9ce5e93128b74e50968b627580ea81

  • SHA512

    88f7ec77f83b07c7e384de046e5f4b50f88fafddb59c110c37a636f50cec394ee7985e9957466f0eaf741dde8aa49417df62c594123db90eda96dafde71412fb

  • SSDEEP

    3072:3fY/TU9fE9PEtuUbJhhSWLC7tFWn2ZvKtQBDrXYYWd4RibzNrwlpC46J/RTluV0n:vYa6A/hSLG+KtQxhW7bzGCXJ/RTlBwpY

Malware Config

Extracted

Family

azorult

C2

http://csbo1.shop/MSB01/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
