General

  • Target

    Azurite Setup 1.1.12.exe

  • Size

    111.3MB

  • Sample

    241016-ypsxyatblj

  • MD5

    4848ad03ab3dd1c09aaf5ace18a55f36

  • SHA1

    f8f65216cdff313730ce23cb98d3302aad8b403b

  • SHA256

    a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227

  • SHA512

    6d926a9674e0ea3130323e725289ea54c31c9e2be4745a8f407d32fe91cac8ca7ffa97d0c107de3d293c8aa990e44f901e322e342eb01d3e7968b880b2d026c3

  • SSDEEP

    3145728:5gFkGgcymcNLCSBsFkGNnSjejR0XL4pPV:KCLCSmZn+V09

Targets

    • Target

      Azurite Setup 1.1.12.exe

    • Size

      111.3MB

    • MD5

      4848ad03ab3dd1c09aaf5ace18a55f36

    • SHA1

      f8f65216cdff313730ce23cb98d3302aad8b403b

    • SHA256

      a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227

    • SHA512

      6d926a9674e0ea3130323e725289ea54c31c9e2be4745a8f407d32fe91cac8ca7ffa97d0c107de3d293c8aa990e44f901e322e342eb01d3e7968b880b2d026c3

    • SSDEEP

      3145728:5gFkGgcymcNLCSBsFkGNnSjejR0XL4pPV:KCLCSmZn+V09

    • Modifies boot configuration data using bcdedit

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      Azurite.exe

    • Size

      112.3MB

    • MD5

      cfb583250979f7b0e9f86a946bc00da3

    • SHA1

      69d35ffb6444486a14c34c58076e2b80d6cd968b

    • SHA256

      c29ebe09d23345245b4fafb199a475805855e66a65e9d2b7ce31f08ddb2a8f88

    • SHA512

      2100c6d9debd28a64ea525b217e218d961887577e13031f8f895f70a96fb1b39ab51d3d996023b186411b49378ec5fc4647a0ef5c85454412ec10adb209a4fb5

    • SSDEEP

      1572864:xtvDiwbuCfyG8cGjYSfIY20ZOjv6DhM6TpaOKcXYKpf53N6M/n0zxjASK8GDCegN:PvDisKhJAOKc6M/0GS0T8j

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      resources/app.asar

    • Size

      4.9MB

    • MD5

      f0283a70e4e77c72999016a2cc033172

    • SHA1

      48f2207f9363faf63d3a6f2ac16ed2cf8022f8ab

    • SHA256

      e0f0acdba0caa085dac0c2432a97670f88c4deaeded715e2e9452b03400d592f

    • SHA512

      5f73110a134f02e71c84d6d8da4c9aa5c572adec5bbe40255b30b9a37d2818064261c8a57b76c8da7efbfbced061066d53437a66197c9caaa0dcd90c1b60bddc

    • SSDEEP

      49152:ONR9MIzoqaqmrxt0qDxvWKG3BFu/oqzx/tfDTaZSJlQMAkp7a5jRm4A4s4QNhAeT:WibQSpGLA4s4QE4CK

    Score
    3/10
    • Target

      resources/elevate.exe

    • Size

      126KB

    • MD5

      1dc0d03352f29cec211f9d878410898b

    • SHA1

      7960473f58d3d5c36d5cfa7fabd20fc3848fbd97

    • SHA256

      5702e272bbf5380fa0c7df0aaf147a29e829f1d4bf06c962741cbce2df136e1a

    • SHA512

      5acd0c466aa3aaa3b421de5659390e36e6de00ce3348b980ef20fd98799c89cb69fe87315f4f772ccaa72a6d232f5c602193a946033d74f3fc0e7b0b093148cb

    • SSDEEP

      3072:lgbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl8fCfW:uPrwRhte1XsE1l8fCfW

    Score
    3/10
    • Target

      swiftshader/libEGL.dll

    • Size

      366KB

    • MD5

      8243a4fffca9219970a187b74d81b2a0

    • SHA1

      d89bd462170bb4a56c14567fe0b17a0b75a5ede8

    • SHA256

      8130e68850b0b521e66a648c4bfd4351b856bab11e9a6f9fb1272588329161fc

    • SHA512

      7e5dc068aace50eaf893ec479e5c2e72eeca491ed6490b97d302675568aa6be3b715be0990541b5f531ea089dac625abb14ed3af86dcecd0508ab86c02d70425

    • SSDEEP

      6144:c0xXgHVFDxkm2nh/nyce87Xi4dlwhNEkqZCC9uZaWPJqSpdZgO7J4+b2T:7h/Ze87Xi4dCC1uZaeZ8n

    Score
    3/10
    • Target

      swiftshader/libGLESv2.dll

    • Size

      2.7MB

    • MD5

      45210582981a7428c2802c2795c84bd8

    • SHA1

      35d5d9fd0bb8e602328c7d3ef5f35edb2efbb15c

    • SHA256

      021cc27cbde002b59991c876d6a9b85a9576e189e1fc9dbd9478f9f2d68387ec

    • SHA512

      791c8ccfa328766e2eb4a7928b3d92a07ad3763ee245d515d2a0bad851d7f79cbdb42820644c1c4e4ca1aa826111887ae9cfc385616683e9de8f1c18bb1982fc

    • SSDEEP

      49152:IdnrjtIvoFzKkAdACGPIuV95gE+pZRNA32yJ6uhH2elKnmeEkAz4RnEoJ2rdzNBE:IF3tfKNtja1MZdZ1X

    Score
    3/10
    • Target

      vk_swiftshader.dll

    • Size

      3.9MB

    • MD5

      ac4520e55596616f8dff7e6541be2995

    • SHA1

      ade080e03077300bd4281a0c050312c22330b4bb

    • SHA256

      b01685659e300407c1a341f56a21d3f8ce3ef271798518aa71ddc6db47314d89

    • SHA512

      0da447906378e786b3b2728e01b5f8fec58cc37edc5659179f7c07141acae5c1193e7851e6ac778cfebbfacf8a67361907b87f59610361efe9782721ec25ba0c

    • SSDEEP

      49152:NWzcL9x2ydlDTa7GmidqJfec1e6u9px5Uxb92ZpJyTlN9lp/5iY8E8oP7qG7rm7Q:paK1GPm4gmZZrVSowgaB

    Score
    3/10
    • Target

      vulkan-1.dll

    • Size

      616KB

    • MD5

      f3e7fdbee5eaf7d803ac12ca73335145

    • SHA1

      67bfd13c47d2f007a1baa2006d79789f7a42aab8

    • SHA256

      2c80574c9425611422f70c650edf81dcc4f91052f0dfd247ab1d18ea468ee10d

    • SHA512

      af787fac26fdb603e1ea5e764c732c4454d47c49ab4fdbc8f2c1055ed965aebb8a94dd38feb891e84f07239525c816173c70b0f7069b15d43cdf878e0e14b72d

    • SSDEEP

      12288:sqVxi0ZmVhGfA8gFlkPdcarfoxpQGyHua8pyE/XPVPYo:RxJRrfQry4yE

    Score
    3/10
    • Target

      Azurite.exe

    • Size

      129.9MB

    • MD5

      f4711870ecf07fbb3719156a31e436e0

    • SHA1

      fdbdd5b6f1798b366372468ad9ca7e339696616c

    • SHA256

      6851968cabeeeb7506b44f4d0188ac3caa3aac14cac3203ca31e7649d73a4723

    • SHA512

      f987e1b389c00600604412c9c2c2178a1302bfd892dfba0f89a3b8df3d663cd18407d76fa54562e7bd10901c81256833e334ab7647021e7e0da2dd24cb04afd1

    • SSDEEP

      1572864:4QHkxCFvPPMUx9GAEAgh9h/d/9K/5xA1FWyVtPuXx2/i:REgMUx9xEAZ1Eti2K

    Score
    5/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      LICENSES.chromium.html

    • Size

      5.1MB

    • MD5

      6b84319ee8a0a0af690273d3d2dcbaf4

    • SHA1

      857ca353e0582d100dcbc6cb6761bb4430d0cb90

    • SHA256

      fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585

    • SHA512

      26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a

    • SSDEEP

      24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS

    Score
    3/10
    • Target

      resources/app.asar

    • Size

      4.9MB

    • MD5

      f0283a70e4e77c72999016a2cc033172

    • SHA1

      48f2207f9363faf63d3a6f2ac16ed2cf8022f8ab

    • SHA256

      e0f0acdba0caa085dac0c2432a97670f88c4deaeded715e2e9452b03400d592f

    • SHA512

      5f73110a134f02e71c84d6d8da4c9aa5c572adec5bbe40255b30b9a37d2818064261c8a57b76c8da7efbfbced061066d53437a66197c9caaa0dcd90c1b60bddc

    • SSDEEP

      49152:ONR9MIzoqaqmrxt0qDxvWKG3BFu/oqzx/tfDTaZSJlQMAkp7a5jRm4A4s4QNhAeT:WibQSpGLA4s4QE4CK

    Score
    3/10
    • Target

      resources/elevate.exe

    • Size

      126KB

    • MD5

      5b92eb0ac2b8c42f8c38ac7ad05f44fc

    • SHA1

      33ec0c140c98c80cd2eb54435b5bcf85b5ab1691

    • SHA256

      a933bafb1ec613cdb6f21c409bc0a03a5b822a14f9ea8df9665372e701511e94

    • SHA512

      a4839c7caa066ad0baeb3970886250f64ca4ca6161096c81cce7bb110a0716d518df0abc5aeea98b0d43388eef926bc92e91d43fafc8342a3d3a53204bbecc13

    • SSDEEP

      3072:tgbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlBfRfy:WPrwRhte1XsE1lBfRfy

    Score
    3/10
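
The per-target listing above is machine-readable once its layout is understood: one bullet per field with the value on the next non-blank line, behaviour bullets with an optional one-line detail, and a bare "Score" line. The following is an added example, not tooling from the sandbox or from the Azurite project: a Python parser for that layout, a cross-check that surfaces names listed more than once with differing digests (resources/elevate.exe appears twice above with different MD5/SHA256 values, resources/app.asar twice with identical ones), and a helper that verifies a local copy of a file against the digests an entry lists. The REPORT string is a constructed excerpt copied from entries above with the blank lines dropped; the function names are mine. SSDEEP is carried through as a string only, since computing it needs a library outside the standard library.

```python
"""Parse the sandbox report's target listing and cross-check it.
Added example; not part of the report or of the Azurite project."""
import hashlib
import re
from collections import defaultdict

FIELDS = {"Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Constructed excerpt: three entries copied from the report, blank lines and
# some fields dropped for brevity (the parser skips blanks and accepts all FIELDS).
REPORT = """\
    • Target
      Azurite Setup 1.1.12.exe
    • MD5
      4848ad03ab3dd1c09aaf5ace18a55f36
    • SHA256
      a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227
    • Modifies boot configuration data using bcdedit
    • Command and Scripting Interpreter: PowerShell
      Uses the powershell.exe command.
    • Target
      resources/elevate.exe
    • MD5
      1dc0d03352f29cec211f9d878410898b
    • SHA256
      5702e272bbf5380fa0c7df0aaf147a29e829f1d4bf06c962741cbce2df136e1a
    Score
    3/10
    • Target
      resources/elevate.exe
    • MD5
      5b92eb0ac2b8c42f8c38ac7ad05f44fc
    • SHA256
      a933bafb1ec613cdb6f21c409bc0a03a5b822a14f9ea8df9665372e701511e94
    Score
    3/10
"""


def parse_targets(text):
    """One dict per '• Target' block: listed fields, behaviours, score."""
    entries, cur, pending = [], None, None   # pending: what the next line holds
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• "):
            name = line[2:]
            if name == "Target":
                cur = {"behaviours": []}
                entries.append(cur)
            if name in FIELDS:
                pending = name
            else:                            # behaviour signature, detail may follow
                cur["behaviours"].append({"name": name, "detail": ""})
                pending = "behaviour"
        elif line == "Score":
            pending = "Score"
        elif pending == "behaviour":
            cur["behaviours"][-1]["detail"] = line
            pending = None
        elif pending in HEX_LEN:             # reject truncated or non-hex digests
            if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[pending], line):
                raise ValueError(f"bad {pending} for {cur['Target']!r}: {line}")
            cur[pending], pending = line, None
        elif pending:
            cur[pending], pending = line, None
    return entries


def hash_conflicts(entries):
    """Names listed more than once with different SHA256 values."""
    seen = defaultdict(set)
    for e in entries:
        if "SHA256" in e:
            seen[e["Target"]].add(e["SHA256"])
    return {n: sorted(h) for n, h in seen.items() if len(h) > 1}


def digests_of(data):
    """MD5/SHA1/SHA256/SHA512 of a bytes object, or of a file given by path."""
    hs = {a: hashlib.new(a) for a in ("md5", "sha1", "sha256", "sha512")}
    if isinstance(data, (bytes, bytearray)):
        for h in hs.values():
            h.update(data)
    else:
        with open(data, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                for h in hs.values():
                    h.update(chunk)
    return {a.upper(): h.hexdigest() for a, h in hs.items()}


def matches_entry(data, entry):
    """True only if every digest the entry lists agrees with the data."""
    got = digests_of(data)
    listed = {k: v for k, v in entry.items() if k in HEX_LEN}
    return bool(listed) and all(got[k] == v for k, v in listed.items())


if __name__ == "__main__":
    parsed = parse_targets(REPORT)
    print(f"{len(parsed)} targets; conflicting digests: {hash_conflicts(parsed)}")
```

To check a downloaded installer against the report, call matches_entry with the file path and the parsed entry for "Azurite Setup 1.1.12.exe"; a mismatch on any listed digest fails the check, so a partial or padded download is not accepted on the strength of one algorithm.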

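The process-level behaviours the report attributes to the installer (bcdedit changing boot configuration, powershell.exe, powercfg, SMB admin-share access) are the ones a detection engineer can express as command-line rules and correlate back to the process that spawned them, so that several individually low-severity hits from one installer tree surface together rather than one at a time. The block below is an added example, not sandbox or project tooling: rules over constructed process-creation records. The command lines in EVENTS are constructed to exercise the rules and are not the commands this sample ran (the report lists the behaviours, not the command lines); the ATT&CK technique IDs are my mapping of the report's behaviour names, and the record layout and function names are mine.

```python
"""Command-line detections for the behaviours named in the report, correlated
per root process.  Added example with constructed events, not sample output."""
import re
from collections import defaultdict

# (report behaviour name, ATT&CK technique as mapped here, command-line pattern)
RULES = [
    ("Modifies boot configuration data using bcdedit", "T1490",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*?\s(?:/|-)(?:set|deletevalue|delete|import)\b", re.I)),
    ("Power Settings", "T1653",
     re.compile(r"\bpowercfg(?:\.exe)?\b.*?\s(?:/|-)(?:x|change|setacvalueindex|"
                r"setdcvalueindex|setactive|h|hibernate)\b", re.I)),
    ("Command and Scripting Interpreter: PowerShell", "T1059.001",
     re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)),
    ("Remote Services: SMB/Windows Admin Shares", "T1021.002",
     re.compile(r"\\\\[^\\\s]+\\(?:admin\$|c\$|ipc\$)(?=\\|\s|$)", re.I)),
]
# Invocation styles that make a PowerShell launch worth escalating on its own.
PS_SUSPICIOUS = re.compile(r"-(?:e|ec|enc|encodedcommand)\b|-nop\b|-w(?:indowstyle)?\s+hidden\b|bypass", re.I)

# Constructed process-creation records (id, parent id, image, command line).
# Events 1-5 model the installer tree the report describes; 6-8 are benign noise.
EVENTS = [
    {"id": 1, "image": r"C:\Users\u\Downloads\Azurite Setup 1.1.12.exe", "cmdline": r'"Azurite Setup 1.1.12.exe"'},
    {"id": 2, "parent": 1, "image": r"C:\Windows\System32\bcdedit.exe", "cmdline": r"bcdedit /set {default} recoveryenabled No"},
    {"id": 3, "parent": 1, "image": r"C:\Windows\System32\powercfg.exe", "cmdline": r"powercfg -change -standby-timeout-ac 0"},
    {"id": 4, "parent": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand QQBBAA=="},
    {"id": 5, "parent": 1, "image": r"C:\Windows\System32\net.exe", "cmdline": r"net use \\fileserver\ADMIN$ /user:corp\svc"},
    {"id": 7, "image": r"C:\Windows\explorer.exe", "cmdline": r"explorer.exe"},
    {"id": 6, "parent": 7, "image": r"C:\Windows\System32\powercfg.exe", "cmdline": r"powercfg /list"},
    {"id": 8, "parent": 7, "image": r"C:\Windows\System32\bcdedit.exe", "cmdline": r"bcdedit /enum"},
]


def scan(events):
    """Every (event, rule) match; PowerShell hits note hidden/encoded invocation."""
    hits = []
    for ev in events:
        for name, tid, rx in RULES:
            if rx.search(ev["cmdline"]):
                detail = "hidden/encoded" if tid == "T1059.001" and PS_SUSPICIOUS.search(ev["cmdline"]) else ""
                hits.append({"event": ev["id"], "rule": name, "technique": tid, "detail": detail})
    return hits


def root_of(eid, by_id):
    """Walk parent links up to the first process with no recorded parent."""
    while by_id[eid].get("parent") in by_id:
        eid = by_id[eid]["parent"]
    return eid


def triage(events, threshold=3):
    """Root images whose process tree triggered at least `threshold` distinct techniques."""
    by_id = {e["id"]: e for e in events}
    per_root = defaultdict(set)
    for h in scan(events):
        per_root[root_of(h["event"], by_id)].add(h["technique"])
    return {by_id[r]["image"]: sorted(t) for r, t in per_root.items() if len(t) >= threshold}


if __name__ == "__main__":
    for h in scan(EVENTS):
        print(h)
    print(triage(EVENTS))
```

The read-only invocations (powercfg /list, bcdedit /enum) under explorer.exe produce no hits, which is the point of matching on the modifying switches rather than on the image name; the threshold in triage is a tuning knob, and the registry-based signatures in the report (drive mapping, location lookup) would need registry-access telemetry rather than process-creation records.
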
MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery, evasion, execution, lateral_movement, persistence, privilege_escalation, ransomware
Score
9/10

behavioral2

discovery
Score
5/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery, execution, lateral_movement, persistence, privilege_escalation
Score
6/10

behavioral12

discovery, execution, lateral_movement, persistence, privilege_escalation
Score
6/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

Score
5/10

behavioral26

Score
5/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10