General

  • Target

    igucc.exe

  • Size

    593KB

  • Sample

    230911-p8hrmsgc79

  • MD5

    35951704bf97c135fec65cca9bc2e1c1

  • SHA1

    f5232f30da3a3c5df4a6d15aea178059fb14cd89

  • SHA256

    932a29dcd8b778f2e7c509b3ef9d732632edc266596bea3ed351803dc08cd5af

  • SHA512

    2a7577bd58fcbd7de29746daceca839f799fa0438d9d3d2e331e6a872c15cb634f688b4a6f99d19cc2d16e74d5b8ee091809cad09aa99dfffebb7c6c74532212

  • SSDEEP

    12288:Sgm/Sduud+GG2zwcb9ZSNpLen7CgAHWfRdaA:Sg1duud+G0u9ANJM7CCJ

Malware Config

Targets

    • Target

      igucc.exe

    • Azorult

      An information stealer first seen in 2016 that harvests browser history and saved passwords and sends them to a remote panel.

    • Checks QEMU agent file

      Checks for the QEMU guest agent file on disk, a common way for a sample to detect that it is running inside a QEMU/KVM virtual machine rather than on a victim host.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
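
The three "Suspicious use of ..." signatures above correspond to Windows native calls: NtSetInformationThread with the ThreadHideFromDebugger information class and NtCreateThreadEx with the equivalent hide-from-debugger creation flag (both stop a debugger from receiving events for the thread), and SetThreadContext (commonly used to redirect a suspended thread into injected code). The following is an added example, not code from the sandbox or from this report, that performs a quick offline pre-check a triager would run before detonation: it verifies a file against the hashes listed in this report, does a raw byte scan for the API names and for the QEMU guest agent path in both ASCII and UTF-16LE (Windows path strings are usually wide), and applies the ssdeep rule that two fuzzy hashes are only comparable when their block sizes are equal or differ by a factor of two. The "qemu-ga" path fragment is an assumption (the report does not give the exact file the signature checks), the scan is a plain substring search rather than an import-table parse, and the sample bytes are constructed here and are not a real PE.

```python
"""Offline pre-check of a file against the indicators in this report.

Added example, not the sandbox's own code. Assumptions: the QEMU agent
indicator is the path fragment "qemu-ga", the scan is a raw substring
search (no PE parsing), and SAMPLE below is constructed test data.
"""
import hashlib

# Hashes exactly as listed in the report for igucc.exe (593KB).
REPORT_HASHES = {
    "md5": "35951704bf97c135fec65cca9bc2e1c1",
    "sha1": "f5232f30da3a3c5df4a6d15aea178059fb14cd89",
    "sha256": "932a29dcd8b778f2e7c509b3ef9d732632edc266596bea3ed351803dc08cd5af",
    "sha512": "2a7577bd58fcbd7de29746daceca839f799fa0438d9d3d2e331e6a872c15cb63"
              "4f688b4a6f99d19cc2d16e74d5b8ee091809cad09aa99dfffebb7c6c74532212",
}
REPORT_SSDEEP = "12288:Sgm/Sduud+GG2zwcb9ZSNpLen7CgAHWfRdaA:Sg1duud+G0u9ANJM7CCJ"

# API names behind the three "Suspicious use of ..." signatures. In a PE they
# appear as ASCII in the import name table or as a GetProcAddress argument.
ANTI_DEBUG_APIS = (b"NtSetInformationThread", b"NtCreateThreadEx", b"SetThreadContext")

# Assumed path fragment for the QEMU guest agent (not stated in the report).
QEMU_AGENT_HINT = "qemu-ga"

# Constructed sample: an MZ header, two API names, and a wide-char path.
# It is NOT a valid executable and NOT the real igucc.exe.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
          + b"NtSetInformationThread\x00SetThreadContext\x00"
          + "C:\\Program Files\\Qemu-ga\\qemu-ga.exe".encode("utf-16-le"))


def compute_digests(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Compare each expected digest against the file; True means it matches."""
    actual = compute_digests(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def scan_indicators(data: bytes) -> dict:
    """Raw byte scan for the anti-debug API names and the QEMU agent path.

    Lowercasing the buffer only affects ASCII letters, so the interleaved
    NUL bytes of a UTF-16LE string are preserved and the wide search works.
    """
    lowered = data.lower()
    hint_ascii = QEMU_AGENT_HINT.encode("ascii")
    hint_wide = QEMU_AGENT_HINT.encode("utf-16-le")
    return {
        "apis": [api.decode() for api in ANTI_DEBUG_APIS if api in data],
        "qemu_agent_ascii": hint_ascii in lowered,
        "qemu_agent_utf16": hint_wide in lowered,
    }


def parse_ssdeep(sig: str) -> tuple:
    """Split 'blocksize:chunk:doublechunk' into (int, str, str)."""
    block, chunk, double = sig.split(":", 2)
    return int(block), chunk, double


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are b and b, 2b or b/2."""
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    print(verify_hashes(SAMPLE, REPORT_HASHES))   # all False: SAMPLE is not the report's file
    print(scan_indicators(SAMPLE))
    print(parse_ssdeep(REPORT_SSDEEP)[0])
```

Run it against the actual file by replacing SAMPLE with `open(path, "rb").read()`; a hash mismatch means you are not looking at the sample this report describes, and the indicator scan only tells you the strings are present in clear, so a packed or string-obfuscated build (this one loads a dropped DLL) can still carry the behaviour while scanning clean.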

MITRE ATT&CK Enterprise v15

Tasks