Overview

overview

10

Static

static

5

017cf1bd7b...cs.exe

windows7-x64

10

017cf1bd7b...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    017cf1bd7bac1cd2c0c26b194dc46f60_NeikiAnalytics.exe

  • Size

    1.2MB

  • Sample

    240526-zv4gasca5t

  • MD5

    017cf1bd7bac1cd2c0c26b194dc46f60

  • SHA1

    769a4b2d08f0731da988901de805867b54cdfdde

  • SHA256

    54371f146852c449016d49ddcf330bd1ec45dc8ef48f304bba19aad34118792b

  • SHA512

    a8eb82e187926a8a7c4cac838cc6de5502f747f88ea5185af52d6c40f48b0d6efc44829ca8e490da48a61a5f0d5a33ffef7fb37248306ce611524b3218e15866

  • SSDEEP

    24576:mu6J33O0c+JY5UZ+XC0kGsoTGcK7YBaPymUi63i62xHLVFvtWYeF:ou0c++OCvkGsEGcK8BufT5LVuYK

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

    • Target

      017cf1bd7bac1cd2c0c26b194dc46f60_NeikiAnalytics.exe

    • Size

      1.2MB

    • MD5

      017cf1bd7bac1cd2c0c26b194dc46f60

    • SHA1

      769a4b2d08f0731da988901de805867b54cdfdde

    • SHA256

      54371f146852c449016d49ddcf330bd1ec45dc8ef48f304bba19aad34118792b

    • SHA512

      a8eb82e187926a8a7c4cac838cc6de5502f747f88ea5185af52d6c40f48b0d6efc44829ca8e490da48a61a5f0d5a33ffef7fb37248306ce611524b3218e15866

    • SSDEEP

      24576:mu6J33O0c+JY5UZ+XC0kGsoTGcK7YBaPymUi63i62xHLVFvtWYeF:ou0c++OCvkGsEGcK8BufT5LVuYK

    Score
    10/10
    azorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks