General
Target: test.txt
Size: 12B
Sample: 240318-tzfcdada85
MD5: 6f5902ac237024bdd0c176cb93063dc4
SHA1: 22596363b3de40b06f981fb85d82312e8c0ed511
SHA256: a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
SHA512: db3974a97f2407b7cae1ae637c0030687a11913274d578492558e39c16c017de84eacdc8c62fe34ee4e12b4b1428817f09b6a2760c3f8a664ceae94d2434a593
Static task: static1
Behavioral task: behavioral1
Sample: test.txt
Resource: win10v2004-20240226-en
Malware Config (extracted)
Family: azorult
URL: http://boglogov.site/index.php
Targets
Target: test.txt
- Azorult: An information stealer first discovered in 2016, targeting browsing history and passwords.
- Blocks application from running via registry modification: Adds application to list of disallowed applications.
- Downloads MZ/PE file
- Stops running service(s)
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Modifies WinLogon
- AutoIT Executable: AutoIT scripts compiled to PE executables.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)