General

  • Target

    35951704bf97c135fec65cca9bc2e1c1.bin

  • Size

    344KB

  • Sample

    230913-bg9t6agg31

  • MD5

    60b11f3b2c2d46c8d6649c5aa19df35b

  • SHA1

    0c69a1f2f5caac4963c0975f35763f4fae3043d7

  • SHA256

    5ac5f1f0caf5f0b719261748e2afc0726a8ff11a98503646fe458a7965ee042c

  • SHA512

    1e113a1f963e7077ab98c9e225c2812e93a7391cd4abae11100f8ccae31b82f6026926934005edfa1753cc9280d5a039ebb584fb05a1177e21cf82dfd4d7ccb7

  • SSDEEP

    6144:2FHfaf2mL2IDUbicUeuX7O24KtWJjbVGlnKJsumiQynivUmTLtNuw7cx3rFyA:cHCfv6hbIeuLO2ztWRVYnKCuzQuFmTR+

Malware Config

Targets

    • Target

      932a29dcd8b778f2e7c509b3ef9d732632edc266596bea3ed351803dc08cd5af.exe

    • Size

      593KB

    • MD5

      35951704bf97c135fec65cca9bc2e1c1

    • SHA1

      f5232f30da3a3c5df4a6d15aea178059fb14cd89

    • SHA256

      932a29dcd8b778f2e7c509b3ef9d732632edc266596bea3ed351803dc08cd5af

    • SHA512

      2a7577bd58fcbd7de29746daceca839f799fa0438d9d3d2e331e6a872c15cb634f688b4a6f99d19cc2d16e74d5b8ee091809cad09aa99dfffebb7c6c74532212

    • SSDEEP

      12288:Sgm/Sduud+GG2zwcb9ZSNpLen7CgAHWfRdaA:Sg1duud+G0u9ANJM7CCJ

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks