Overview

overview

10

Static

static

3

23722503bd...95.exe

windows7-x64

10

23722503bd...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec88a4c1dcfb3861f6c9c364deeabd94.bin

  • Size

    675KB

  • Sample

    240218-fbrtlsed82

  • MD5

    65a0fb7de2a59c4032dd7da4f4c2984d

  • SHA1

    824709b94b9d7613846171066ed75c614f67837e

  • SHA256

    4b6543349f1a1f1560be01689aee726e8b41f0a17b264cf935eecec6f46ec1a8

  • SHA512

    d33831671cc880f08b80997c4237a496aa44df3764d552a255bd2446dfc1a29e5b19e9d708d4b9fa8f15a0bb90c59488fa80c5ff95248ea2f02130acced75776

  • SSDEEP

    12288:isXcE7yQLTDEDQDR1fnyMzzUHPmAsmrsXPfefc+pccRvYQVxfreeG:BdnHDm6R1fnyMnUHPms4XeE+pccv3k

Score
10/10
azorultzgratdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895.exe

    • Size

      717KB

    • MD5

      ec88a4c1dcfb3861f6c9c364deeabd94

    • SHA1

      ed0d81e041345ddc9ff9fea8bad197ee1a66fe82

    • SHA256

      23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895

    • SHA512

      81f6ed64f54778aa59afbc515dd6a40b5acac397348801dadbddcfdc15711144c3085e08099ba2a28a98055039916ade0e0cde1ea6fcf78b1f5962e8651609a7

    • SSDEEP

      12288:rtHCL6YFXDk8fwYXzlRLf3AM+lsEttF2s9NgztG2Qk/sxJhT:xHq6Y5hRLsGEvF2sOtGkIh

    Score
    10/10
    azorultzgratinfostealerrattrojandiscovery

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks