General

  • Target

    Azure Logger.zip

  • Size

    78.6MB

  • Sample

    230907-2z9j8afa9y

  • MD5

    27355d8a2ed7dcca37cbf505f75171f2

  • SHA1

    d9b87059f47fb66a48cc5b92ba801cd47cc3af0b

  • SHA256

    3aab1234fa979e2b55341d15b20b4d0bcc19ca1d0d775aa126fec690c50ab902

  • SHA512

    16ccb32756edf601a4d4cb61ff63374d7c9fe4c0f792082f79064e8a2f136855828a9ecb04b630968eb161cb916a172d0f9446921d42cfd66b292ec7c1f64192

  • SSDEEP

    1572864:1lGKbL0v49VuazK2yOXk45pULLyEhsLXDyWcXPESbcPIk2NH:14y9Eau2yal5pUGnLTy78SbcPIp

Targets

    • Target

      Azure Logger.zip

    • Size

      78.6MB

    • MD5

      27355d8a2ed7dcca37cbf505f75171f2

    • SHA1

      d9b87059f47fb66a48cc5b92ba801cd47cc3af0b

    • SHA256

      3aab1234fa979e2b55341d15b20b4d0bcc19ca1d0d775aa126fec690c50ab902

    • SHA512

      16ccb32756edf601a4d4cb61ff63374d7c9fe4c0f792082f79064e8a2f136855828a9ecb04b630968eb161cb916a172d0f9446921d42cfd66b292ec7c1f64192

    • SSDEEP

      1572864:1lGKbL0v49VuazK2yOXk45pULLyEhsLXDyWcXPESbcPIk2NH:14y9Eau2yal5pUGnLTy78SbcPIp

    • Score

      9/10

    • Enumerates VirtualBox DLL files

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      Azure Logger/Azure Logger/Azure Logger.exe

    • Size

      79.1MB

    • MD5

      0cf68f3a0bae09b011bd886c3bb1e764

    • SHA1

      4e07c78801dbecb1b68bc6a1d662fb96165b1734

    • SHA256

      73fb1bba29abd1d142ea2ac2d73ce0cff868c66cf7063919a351384d9b26ebd5

    • SHA512

      2eaa6849ff1abedb85dfd32329c4974ad811ca0608b1ea05b4191a8feb567c4dd8a20e4df7e624c8ea672027203e0b606180d5e1afae1f36a303bbae907379bf

    • SSDEEP

      1572864:IjQNrFtgWGbiTlWc2Mp6SbKirAH8+1osuTCSxOB6xMbWDsPlAKq4:Ij3WGGTUc2gnbKS6xjKcBaOesPy

    • Score

      9/10

    • Enumerates VirtualBox DLL files

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      db40ce247b464d3ac0d15080f22ce442

    • SHA1

      eb10f081e16c9566f1b487d39eda3fb8fa4b0de5

    • SHA256

      74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046

    • SHA512

      c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e

    • SSDEEP

      384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8

    • Score

      3/10

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      ddc40a1cee51500039f5c98ef7b1d3c9

    • SHA1

      1e65cf0d7acb74e429844d2ee5b2d39369d17750

    • SHA256

      1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436

    • SHA512

      c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db

    • SSDEEP

      192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE

    • Score

      3/10

    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      fccbf8762a2d6e382b044d73c9969fbc

    • SHA1

      9530b874a2fb37cef0bdbc13775d64400c6158b4

    • SHA256

      bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89

    • SHA512

      359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ

    • Score

      3/10

    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      c73e90c5ddfe238d98cff21a37fa5f47

    • SHA1

      af235a6549fece067f85904b550a86bafc6cc57a

    • SHA256

      de1acddf27e5e9ff65fda9eba01a1b3a22274bc28b055c1e9313fa0102b74a29

    • SHA512

      6a9531cee8dae1c16a46ade60e70eb95329efca0da6ee0716000440a2e7d9370c00d1fc1d8498648ab11f183378d85e98cb39b1456666a722ab5d4322335be28

    • SSDEEP

      192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxrvP9VRvM:Y4EAL/AfsFO8NsxuOxZw

    • Score

      3/10

    • Target

      source_prepared.pyc

    • Size

      101KB

    • MD5

      1701140c7af71a3d1592e6ba43ce6a53

    • SHA1

      66482b70c4faeeea14844ca287ad9ba556964c41

    • SHA256

      1f6512ba6aadeb4cc461e3f3654bbf5282b51fac88251531dbffd03ac9e630ea

    • SHA512

      9a2cc3ac1e2667aac0655cee595c45fe8e75a45f6c406fd5b322f8a1a845567b36d7f6d530e63692f84d647b673c6775bd31c65eca250d37557380455354abb6

    • SSDEEP

      1536:7L7FRgyDJEpKdj+eo6t9TCv83z7ouWtpuFn2B:7L7v/DJEYoe9K8j7LIIn2B

    • Score

      3/10

    • Target

      Azure Logger/Azure Logger/Components/requirements.txt

    • Size

      46B

    • MD5

      bbfad1ee08df16796ac60b7992682cda

    • SHA1

      fb8f49eda2ab57386f0e882505626595ce67e9a8

    • SHA256

      7fd8362e78cc20152d6912110410762fe60f3635e7ddc6c852addbdb9c80335f

    • SHA512

      08b099938e2f8f4b079d0b491f219cdeff99ffd2242e4dfc1cdea69866b8d8ab8adb393d0e4bc70bdcfdd1db1b0149413cf427e4d6ca5b3e6de6ef28f5ae1353

    • Score

      5/10

    • Drops file in System32 directory

    • Target

      Azure Logger/Azure Logger/Extras/Hash.txt

    • Size

      48B

    • MD5

      0a0e728800e247e56b427b062dffed2f

    • SHA1

      f5f74ac3cb4552b74820a5054b87ac2e40ec91a3

    • SHA256

      8e3a6cdbe7de3db18dadc52945fa077ec33ff81c914081cc6bac501eade6e578

    • SHA512

      53db35d20df33e40bf58b39e002538a0b8e5f38943ee1827eb3db3e584195a70883c8d354e56ec99bd4cd958e3a72011db2e5d5006d25bfabc83fba6edc8879d

    • Score

      1/10

    • Target

      Azure Logger/Azure Logger/Extras/unblock_sites.py

    • Size

      1KB

    • MD5

      02b4742f5ca28d70a6c354e469652a70

    • SHA1

      dc7c26d5a7ed63bad0bc1c35285a69591e9213ba

    • SHA256

      1da069d6a241978f2243a1d57284b1958c56b20aa8d92154deccd109004ee130

    • SHA512

      102d08fd10ecbbc665847a65b88347364b37a30dc1a503ebb81881e482f239acb90f5343c02612e2b7876805b6f4b46e5ab2d2c2997567091707e1fd14209bab

    • Score

      3/10

    • Target

      Azure Logger/Azure Logger/README.txt

    • Size

      214B

    • MD5

      ab3e0092b06adba5eed7a0efb3cbeaba

    • SHA1

      843193766c3bc64bd1715cdd26e01aef34ebd94f

    • SHA256

      3080a11ee8299907bb58c0aeb6493c7d3925ec7e27bbf2bddb7743460223bfd5

    • SHA512

      6a94ab00c59efe90fc17b71f23366698b0ebd03ba643edec2fa41744e70063f345539964144c03ea2edc7dc42f6b284d5edf87908d375d687b530eaf5707e4ad

    • Score

      1/10

    • Target

      Azure Logger/Azure Logger/install_python.bat

    • Size

      686B

    • MD5

      f30718a354e7cc104ea553ce5ae2d486

    • SHA1

      3876134e6b92da57a49d868013ed35b5d946f8fd

    • SHA256

      94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966

    • SHA512

      601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874

    • Enumerates VirtualBox DLL files

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
