General

  • Target

    944aad76a56a5dd4a1016cbcef571404_JC.exe

  • Size

    720KB

  • Sample

    230917-l5yf5sbh53

  • MD5

    944aad76a56a5dd4a1016cbcef571404

  • SHA1

    a4576e9f5ee5bd75da41891164f1ad2ef1a8e548

  • SHA256

    6d622e6be1cf17537be2f9c1ec5d2cd6bda6ad57dcb6ffaba2adbfe6c8bf34c2

  • SHA512

    5be830c1847e050ad74c2b8b86d14e8abef0f2c3ba78a861daa14440af6a4eeb5ac01e579585aabbc7f79320601b40748ac26e8f6b1b541aa7f0a11065899b4f

  • SSDEEP

    12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75N:arl6kD68JmloO7TdNaPymUi63i62xHLp

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

    • Target

      944aad76a56a5dd4a1016cbcef571404_JC.exe

    • Size

      720KB

    • MD5

      944aad76a56a5dd4a1016cbcef571404

    • SHA1

      a4576e9f5ee5bd75da41891164f1ad2ef1a8e548

    • SHA256

      6d622e6be1cf17537be2f9c1ec5d2cd6bda6ad57dcb6ffaba2adbfe6c8bf34c2

    • SHA512

      5be830c1847e050ad74c2b8b86d14e8abef0f2c3ba78a861daa14440af6a4eeb5ac01e579585aabbc7f79320601b40748ac26e8f6b1b541aa7f0a11065899b4f

    • SSDEEP

      12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75N:arl6kD68JmloO7TdNaPymUi63i62xHLp

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks