General

  • Target

    Azzure-Main.exe

  • Size

    76.8MB

  • Sample

    240824-qc8tma1fme

  • MD5

    cee405d91e0297a103eca9491c083cfa

  • SHA1

    57c6a2926a5bfb5c1784403d8bd49d0dd81aaa9d

  • SHA256

    fdeb79b2f5ef85a7ef6d5d104770e094ad0e8e47f31ccdf897b8284a47569d66

  • SHA512

    3446b5f8879b9be95fcbf0bc015743d897e01174319553c2128ee137a4e60132eaf7eab5743c8996c83d07e1ef54b1c277b04415e648d3fa51ee1f81817f938c

  • SSDEEP

    1572864:pvHcRlKW5h7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh7reqEjV37U:pvHcRY6hTSkB05awcfLdMpuFh7rbQo

Malware Config

Targets

    • Target

      Azzure-Main.exe

    • Size

      76.8MB

    • MD5

      cee405d91e0297a103eca9491c083cfa

    • SHA1

      57c6a2926a5bfb5c1784403d8bd49d0dd81aaa9d

    • SHA256

      fdeb79b2f5ef85a7ef6d5d104770e094ad0e8e47f31ccdf897b8284a47569d66

    • SHA512

      3446b5f8879b9be95fcbf0bc015743d897e01174319553c2128ee137a4e60132eaf7eab5743c8996c83d07e1ef54b1c277b04415e648d3fa51ee1f81817f938c

    • SSDEEP

      1572864:pvHcRlKW5h7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh7reqEjV37U:pvHcRY6hTSkB05awcfLdMpuFh7rbQo

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks