General

  • Target

    06ee0cda0f0ee95f478bd1b221ff8bc4_JC.exe

  • Size

    720KB

  • Sample

    230911-vyfr7ahg45

  • MD5

    06ee0cda0f0ee95f478bd1b221ff8bc4

  • SHA1

    455d2895b23d616455a790be025a317e757ef024

  • SHA256

    6129391d8833986923edf1220cb5ea0a9397ba819afc6bb73133e9f9456bc3d9

  • SHA512

    eba42d77d6197319f40fb7cf416a9f972ba23c6c63d395646cbd229ae175fa78850f81e2546dc12feaa76e86eb2333581a5ff4bc9eaceabfe58838cf05508b6b

  • SSDEEP

    12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75G:arl6kD68JmloO7TdNaPymUi63i62xHLq

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php
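The C2 above is the most directly actionable indicator in this report. The script below is an added example, not part of the sandbox report, showing how to sweep proxy logs for it. The log format is a simplified one constructed for the demonstration (timestamp, client, method, URL, status) and every traffic line is fabricated; adapt the regex to your own proxy's format. Exact host-and-path matches are reported separately from two weaker cases, traffic to the C2 IP with another path (the IP may be reassigned) and the build-specific `/j0n0/index.php` path on another host, so an analyst can prioritise.

```python
"""Sweep a proxy log for the AZORult C2 extracted from this sample.

Added example, not part of the report. SAMPLE_LOG is constructed test data
in a simplified '<timestamp> <client> <method> <url> <status>' format.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Indicator taken from the report's "Malware Config" section.
C2_URL = "http://185.79.156.23/j0n0/index.php"
_C2 = urlparse(C2_URL)
C2_HOST = _C2.hostname   # "185.79.156.23"
C2_PATH = _C2.path       # "/j0n0/index.php"

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2023-09-11T14:02:11Z 10.0.0.15 GET http://example.com/index.html 200
2023-09-11T14:02:19Z 10.0.0.15 POST http://185.79.156.23/j0n0/index.php 200
2023-09-11T14:02:20Z 10.0.0.22 GET http://185.79.156.23/ 404
2023-09-11T14:03:01Z 10.0.0.15 POST http://185.79.156.23/j0n0/index.php 200
2023-09-11T14:03:40Z 10.0.0.31 GET http://cdn.example.net/j0n0/index.php 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

Hit = Tuple[int, str, str, str, str]   # (line_no, client, method, url, label)


def classify(url: str) -> Optional[str]:
    """Label a URL by how closely it matches the extracted C2, or None.

    c2-exact: host and path match (high confidence, the sample's own beacon)
    c2-host:  the C2 IP with another path (medium: panel may serve other
              paths, but the address may also be reassigned later)
    c2-path:  the build-specific path on another host (weak: index.php
              paths are common; worth a look, not an alert on its own)
    """
    p = urlparse(url)
    if p.hostname == C2_HOST and p.path == C2_PATH:
        return "c2-exact"
    if p.hostname == C2_HOST:
        return "c2-host"
    if p.path == C2_PATH:
        return "c2-path"
    return None


def scan_log(text: str) -> List[Hit]:
    """Parse each line and return the ones whose URL matches an indicator."""
    hits: List[Hit] = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue   # malformed line: skip it rather than abort the sweep
        _ts, client, method, url, _status = m.groups()
        label = classify(url)
        if label:
            hits.append((n, client, method, url, label))
    return hits


def infected_clients(hits: List[Hit]) -> List[str]:
    """Clients with exact C2 beacons: the hosts to isolate first."""
    return sorted({h[1] for h in hits if h[4] == "c2-exact"})


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("isolate:", infected_clients(found))
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents; the `c2-host` and `c2-path` labels are there to be triaged, not blocked on automatically.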

Targets

    • Target

      06ee0cda0f0ee95f478bd1b221ff8bc4_JC.exe

    • Size

      720KB

    • MD5

      06ee0cda0f0ee95f478bd1b221ff8bc4

    • SHA1

      455d2895b23d616455a790be025a317e757ef024

    • SHA256

      6129391d8833986923edf1220cb5ea0a9397ba819afc6bb73133e9f9456bc3d9

    • SHA512

      eba42d77d6197319f40fb7cf416a9f972ba23c6c63d395646cbd229ae175fa78850f81e2546dc12feaa76e86eb2333581a5ff4bc9eaceabfe58838cf05508b6b

    • SSDEEP

      12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75G:arl6kD68JmloO7TdNaPymUi63i62xHLq

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Deletes itself

      The sample removes its own executable from disk after it has run, which hinders later collection of the file for analysis.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is a common step in process hollowing and similar code injection, where a suspended child process has its entry point redirected to injected code.
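The static signatures above (known hashes, UPX packing, compiled AutoIt) can be reproduced on a file for first-pass triage. The following is an added example, not code from the sandbox report or its vendor. It compares a file's hashes with those in the report, reads the PE section table for the UPX0/UPX1 names that stock UPX leaves behind, looks for the AU3!EA06 magic that marks a compiled AutoIt3 script, and measures byte entropy as a fallback, since a modified UPX (which the report's signature also covers) may rename its sections but cannot hide the high entropy of compressed data. The 7.0 bits-per-byte threshold is a rule of thumb chosen here, and the PE builder at the end only fabricates a header so the script runs offline on constructed input.

```python
"""Static triage for the report's hash, UPX and AutoIt signatures.

Added example, not part of the sandbox report. build_minimal_pe() makes a
constructed, non-runnable PE so the checks can be exercised without the
real sample.
"""
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List

# Hashes from the report's "General" section.
REPORT_HASHES = {
    "md5": "06ee0cda0f0ee95f478bd1b221ff8bc4",
    "sha1": "455d2895b23d616455a790be025a317e757ef024",
    "sha256": "6129391d8833986923edf1220cb5ea0a9397ba819afc6bb73133e9f9456bc3d9",
}
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
AUTOIT_MARKER = b"AU3!EA06"  # magic at the start of a compiled AutoIt3 script resource
HIGH_ENTROPY = 7.0           # bits/byte; whole-file values above this suggest packing (assumed threshold)


def hashes(data: bytes) -> Dict[str, str]:
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_names(data: bytes) -> List[bytes]:
    """Section names from a PE image; [] if the buffer is not a well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)      # COFF SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            break   # truncated section table: keep what was readable
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def triage(data: bytes) -> Dict[str, object]:
    names = section_names(data)
    return {
        "known_sample": hashes(data)["sha256"] == REPORT_HASHES["sha256"],
        "sections": names,
        "upx_sections": [n for n in names if n in UPX_SECTION_NAMES],
        "high_entropy": shannon_entropy(data) > HIGH_ENTROPY,
        "autoit": AUTOIT_MARKER in data,
    }


def build_minimal_pe(names: List[bytes], payload: bytes = b"") -> bytes:
    """Constructed test input: a minimal, non-runnable PE with the given section names."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # PE header directly after the DOS header
    opt = b"\0" * 224                         # zeroed PE32 optional header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x102)
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs + payload


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:     # triage a real file: python triage.py sample.bin
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:                     # or the constructed UPX-and-AutoIt-looking blob
        blob = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"], b"\0\0AU3!EA06")
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A missing UPX0/UPX1 pair does not clear a file: the report's signature explicitly covers modified UPX builds, which is why the entropy check is reported alongside the section names rather than instead of them.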

MITRE ATT&CK Enterprise v15

Tasks