General

  • Target

    55305b6338fc6b5618251972a280ed043369e2ec494012a12b9e192b1f8e3ec5.exe

  • Size

    721KB

  • Sample

    240726-dtp2mawfpc

  • MD5

    23d9e79ffaa64a3919b4184bce784b9a

  • SHA1

    9e147a0274503096b7af286f25b4487d0a769636

  • SHA256

    55305b6338fc6b5618251972a280ed043369e2ec494012a12b9e192b1f8e3ec5

  • SHA512

    f91bf13ebc92646b68ece5d197c67a76a01208f6c33ef619c1c6eadee065911dd7f7df81ee2fd433ee9253029d86c8999d916224ddf591c259651fcf26df9281

  • SSDEEP

    12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75K:arl6kD68JmloO7TdNaPymUi63i62xHLu

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

    • Target

      55305b6338fc6b5618251972a280ed043369e2ec494012a12b9e192b1f8e3ec5.exe

    • Size

      721KB

    • MD5

      23d9e79ffaa64a3919b4184bce784b9a

    • SHA1

      9e147a0274503096b7af286f25b4487d0a769636

    • SHA256

      55305b6338fc6b5618251972a280ed043369e2ec494012a12b9e192b1f8e3ec5

    • SHA512

      f91bf13ebc92646b68ece5d197c67a76a01208f6c33ef619c1c6eadee065911dd7f7df81ee2fd433ee9253029d86c8999d916224ddf591c259651fcf26df9281

    • SSDEEP

      12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75K:arl6kD68JmloO7TdNaPymUi63i62xHLu

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks