General

  • Target

    d5fef129421d27ca890b71eaf760b6e8_JC.exe

  • Size

    720KB

  • Sample

    230911-x2k77aah83

  • MD5

    d5fef129421d27ca890b71eaf760b6e8

  • SHA1

    28b63fd03c8b6198de20ef8a8c68b21e16a3c372

  • SHA256

    8ae106fb0ae13952f225b1a9515d0e081dd6435a895ca8787645a048fa96fdc3

  • SHA512

    9de2adf31842f4396556961e88d97fda16c8fd4f3b3d456f7f93b6d9c04d65745d85c325e30db6c31820dfe99b18bf1c0eaa0e17a59b52c8a83289f80fc0c61b

  • SSDEEP

    12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75Z:arl6kD68JmloO7TdNaPymUi63i62xHLt

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

    • Target

      d5fef129421d27ca890b71eaf760b6e8_JC.exe

    • Size

      720KB

    • MD5

      d5fef129421d27ca890b71eaf760b6e8

    • SHA1

      28b63fd03c8b6198de20ef8a8c68b21e16a3c372

    • SHA256

      8ae106fb0ae13952f225b1a9515d0e081dd6435a895ca8787645a048fa96fdc3

    • SHA512

      9de2adf31842f4396556961e88d97fda16c8fd4f3b3d456f7f93b6d9c04d65745d85c325e30db6c31820dfe99b18bf1c0eaa0e17a59b52c8a83289f80fc0c61b

    • SSDEEP

      12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75Z:arl6kD68JmloO7TdNaPymUi63i62xHLt

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks