General
-
Target
Robokits_USB_BT_18_ServoCon_Setup_V82.exe
-
Size
3.1MB
-
Sample
240806-qna2qszgkp
-
MD5
e0017606ff7935c846769b617a522c90
-
SHA1
ccbc102781a64f7936310e8f25028101ac3ff353
-
SHA256
0226f723ff835d0b46269c1b896fa18fef0a8ed24dc3c72872dcf4cb45be90f9
-
SHA512
b904262e8eea28f2229f6b670cf0240314626a8736aa90ed86f7c254cbe461190f1ba0976794b08dd11242b577c29bf3b2d5d767d910ad48889697a0e0cc34c5
-
SSDEEP
49152:sN26FOnzGn6LJvqkwnpC+mWd6uIcc+vo7dP6dF/WPxDz0peWUiz8ahxkYu:s06FOznLo0+Dd6uxc+vqYdF/WPxDIXxI
Static task
static1
Behavioral task
behavioral1
Sample
Robokits_USB_BT_18_ServoCon_Setup_V82.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Robokits_USB_BT_18_ServoCon_Setup_V82.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Family: azorult
C2: http://boglogov.site/index.php
Targets
-
Target
Robokits_USB_BT_18_ServoCon_Setup_V82.exe (size and hashes as listed under General above)
-
Azorult
An information stealer first observed in 2016 that targets browsing history and saved credentials.
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x packed file
Detects a file protected with the ACProtect packer.
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies WinLogon
-
AutoIT Executable
An AutoIt script compiled into a PE executable.
-
Hide Artifacts: Hidden Users
-
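The signatures above describe behaviour classes, not the exact values the sample wrote. The following host-triage script is an added example, not part of the sandbox report or the sample's own code: it checks a Windows host for the artifacts each signature class normally leaves behind (the Explorer DisallowRun policy, Winlogon Shell/Userinit, the SpecialAccounts\UserList hidden-user list, firewall allow rules for programs in user-writable paths, the C2 domain in the DNS client cache, and the SHA256 from the report in common drop directories). The registry locations are the standard keys behind each behaviour class and the scan roots (Downloads, TEMP) are assumptions; the report itself lists neither.

```powershell
# Added host-triage script; not part of the sandbox report or the Azorult sample.
# Assumptions (not stated on the page): the registry keys below are the standard
# locations behind each behaviour class, and Downloads/TEMP are the scan roots for
# the dropped EXE. Run in an elevated PowerShell 5.1+ session on the suspect host.

function Get-RegValues {
    param([string]$Path)
    # Returns Name/Value pairs for every value under a registry key, or nothing if absent.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

function Invoke-AzorultHostTriage {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. File IOC: SHA256 of the sample as listed in the report.
    $knownSha256 = '0226f723ff835d0b46269c1b896fa18fef0a8ed24dc3c72872dcf4cb45be90f9'
    foreach ($root in @("$env:USERPROFILE\Downloads", $env:TEMP)) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
                if ($hash -eq $knownSha256) { $findings.Add("Sample hash match: $($_.FullName)") }
            }
    }

    # 2. "Blocks application from running via registry modification": Explorer DisallowRun policy.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        Get-RegValues "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" |
            ForEach-Object { $findings.Add("DisallowRun entry ($hive) $($_.Name) = $($_.Value)") }
    }

    # 3. "Modifies WinLogon" (ATT&CK Winlogon Helper DLL): Shell/Userinit should be the defaults.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
    foreach ($v in Get-RegValues $winlogon) {
        if ($expected.ContainsKey($v.Name) -and $v.Value -ne $expected[$v.Name]) {
            $findings.Add("Winlogon $($v.Name) changed to: $($v.Value)")
        }
    }

    # 4. "Hide Artifacts: Hidden Users": a UserList value of 0 hides that account from the logon screen.
    foreach ($v in Get-RegValues "$winlogon\SpecialAccounts\UserList") {
        if ($v.Value -eq 0) { $findings.Add("Account hidden from logon screen: $($v.Name)") }
    }

    # 5. "Modifies Windows Firewall": enabled allow rules for programs under user-writable paths.
    Get-NetFirewallRule -Enabled True -Action Allow -ErrorAction SilentlyContinue | ForEach-Object {
        $program = ($_ | Get-NetFirewallApplicationFilter).Program
        if ($program -and $program -match '\\(Users|ProgramData|Temp)\\') {
            $findings.Add("Firewall allow rule '$($_.DisplayName)' for $program")
        }
    }

    # 6. C2 from the extracted config: look for the domain in the local DNS client cache.
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -like '*boglogov.site*' } |
        ForEach-Object { $findings.Add("DNS cache hit for C2 domain: $($_.Entry) -> $($_.Data)") }

    return $findings
}

$results = Invoke-AzorultHostTriage
if ($results.Count -eq 0) { 'No Azorult-related artifacts found.' } else { $results }
```

Treat every hit as a lead to verify rather than a confirmed infection: a DisallowRun entry or a hidden account can be legitimate policy, and the DNS cache check only works while the cached record has not expired. The geofence check ("Checks computer location settings") is not covered, because the sample only reads the country code under HKCU:\Control Panel\International\Geo and leaves no modification to look for.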
MITRE ATT&CK Enterprise v15 (signature count in parentheses)
Persistence
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL, T1547.004 (1)
  Create or Modify System Process (3)
    Windows Service, T1543.003 (3)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control, T1548.002 (1)
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL, T1547.004 (1)
  Create or Modify System Process (3)
    Windows Service, T1543.003 (3)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control, T1548.002 (1)
  File and Directory Permissions Modification, T1222 (1)
  Hide Artifacts (2)
    Hidden Files and Directories, T1564.001 (1)
    Hidden Users, T1564.002 (1)
  Impair Defenses (5)
    Disable or Modify System Firewall, T1562.004 (1)
    Disable or Modify Tools, T1562.001 (3)
  Modify Registry, T1112 (5)
  Subvert Trust Controls (1)
    SIP and Trust Provider Hijacking, T1553.003 (1)