General

  • Target

    1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b.exe

  • Size

    533KB

  • Sample

    240418-bhvfvsef59

  • MD5

    ab92ac92a5660397fd2bb0bf54e405e7

  • SHA1

    71696c57e08d2611547820602f466088d7999119

  • SHA256

    1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b

  • SHA512

    7a41aef4ac81cbd41ad293b92b758d37f734856e681d51b6e18299f162b6099fa43ae42f1dda7e565f7bce8a8dfafa026a38ec9579d902267fa06d21bba609bb

  • SSDEEP

    12288:vlOATP7Umq9adG75huKA6QMy1dHswGSoKluxdXXxd1672cWjoIC:sAD7Lq97ju96VUHT0KluxBD4rA

Malware Config

Extracted

Family

azorult

C2

http://ccrhs.shop/MI341/index.php

Targets

    • Target

      1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b.exe

    • Size

      533KB

    • MD5

      ab92ac92a5660397fd2bb0bf54e405e7

    • SHA1

      71696c57e08d2611547820602f466088d7999119

    • SHA256

      1d04af45a5f23bbffbe5fa0af2683234c2f70c234baf75cdf53f232523490b2b

    • SHA512

      7a41aef4ac81cbd41ad293b92b758d37f734856e681d51b6e18299f162b6099fa43ae42f1dda7e565f7bce8a8dfafa026a38ec9579d902267fa06d21bba609bb

    • SSDEEP

      12288:vlOATP7Umq9adG75huKA6QMy1dHswGSoKluxdXXxd1672cWjoIC:sAD7Lq97ju96VUHT0KluxBD4rA

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks