General

  • Target

    0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11.exe

  • Size

    629KB

  • Sample

    240907-bdtc1axakg

  • MD5

    f34d46989b27c8a7c40d395b0afd9c86

  • SHA1

    e4a7ec238d8435b094c5a38a601e133da646b4fb

  • SHA256

    0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11

  • SHA512

    ed53d43fdc9f1d075d94de4e79bf8631655c30a5571d5e6e3971a3a5a3a14ddaff16361df4824ad342d2375e195a0a3c8c5b6b303ee10e244a3c6d2626a5c826

  • SSDEEP

    12288:6ZZIH53gbcNk10Fu8ndvsFTEf5yFqfKLRm2/gx0xI4BOiOycDbmmpS45cZbtTkR:dHKbcNk10FBEGfWqp+gqI441FJpSBXG

Malware Config

Extracted

Family

azorult

C2

http://l0h5.shop/CM341/index.php

Targets

    • Target

      0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11.exe

    • Size

      629KB

    • MD5

      f34d46989b27c8a7c40d395b0afd9c86

    • SHA1

      e4a7ec238d8435b094c5a38a601e133da646b4fb

    • SHA256

      0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11

    • SHA512

      ed53d43fdc9f1d075d94de4e79bf8631655c30a5571d5e6e3971a3a5a3a14ddaff16361df4824ad342d2375e195a0a3c8c5b6b303ee10e244a3c6d2626a5c826

    • SSDEEP

      12288:6ZZIH53gbcNk10Fu8ndvsFTEf5yFqfKLRm2/gx0xI4BOiOycDbmmpS45cZbtTkR:dHKbcNk10FBEGfWqp+gqI441FJpSBXG

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks