General
Target: Azurite Setup 1.1.12.exe
Size: 111.3MB
Sample: 241016-ypsxyatblj
MD5: 4848ad03ab3dd1c09aaf5ace18a55f36
SHA1: f8f65216cdff313730ce23cb98d3302aad8b403b
SHA256: a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227
SHA512: 6d926a9674e0ea3130323e725289ea54c31c9e2be4745a8f407d32fe91cac8ca7ffa97d0c107de3d293c8aa990e44f901e322e342eb01d3e7968b880b2d026c3
SSDEEP: 3145728:5gFkGgcymcNLCSBsFkGNnSjejR0XL4pPV:KCLCSmZn+V09
Static task
static1

Behavioral tasks (sample and resource)
behavioral1: Azurite Setup 1.1.12.exe (win7-20240708-en)
behavioral2: Azurite Setup 1.1.12.exe (win10v2004-20241007-en)
behavioral3: $PLUGINSDIR/StdUtils.dll (win7-20240903-en)
behavioral4: $PLUGINSDIR/StdUtils.dll (win10v2004-20241007-en)
behavioral5: $PLUGINSDIR/System.dll (win7-20240903-en)
behavioral6: $PLUGINSDIR/System.dll (win10v2004-20241007-en)
behavioral7: $PLUGINSDIR/UAC.dll (win7-20240903-en)
behavioral8: $PLUGINSDIR/UAC.dll (win10v2004-20241007-en)
behavioral9: $PLUGINSDIR/WinShell.dll (win7-20240903-en)
behavioral10: $PLUGINSDIR/WinShell.dll (win10v2004-20241007-en)
behavioral11: Azurite.exe (win7-20240903-en)
behavioral12: Azurite.exe (win10v2004-20241007-en)
behavioral13: resources/app.js (win7-20240903-en)
behavioral14: resources/app.js (win10v2004-20241007-en)
behavioral15: resources/elevate.exe (win7-20240903-en)
behavioral16: resources/elevate.exe (win10v2004-20241007-en)
behavioral17: swiftshader/libEGL.dll (win7-20241010-en)
behavioral18: swiftshader/libEGL.dll (win10v2004-20241007-en)
behavioral19: swiftshader/libGLESv2.dll (win7-20240903-en)
behavioral20: swiftshader/libGLESv2.dll (win10v2004-20241007-en)
behavioral21: vk_swiftshader.dll (win7-20240903-en)
behavioral22: vk_swiftshader.dll (win10v2004-20241007-en)
behavioral23: vulkan-1.dll (win7-20240903-en)
behavioral24: vulkan-1.dll (win10v2004-20241007-en)
behavioral25: Azurite.exe (win7-20240708-en)
behavioral26: Azurite.exe (win10v2004-20241007-en)
behavioral27: LICENSES.chromium.html (win7-20240729-en)
behavioral28: LICENSES.chromium.html (win10v2004-20241007-en)
behavioral29: resources/app.js (win7-20241010-en)
behavioral30: resources/app.js (win10v2004-20241007-en)
behavioral31: resources/elevate.exe (win7-20241010-en)
behavioral32: resources/elevate.exe (win10v2004-20241007-en)
Malware Config

Targets

Target: Azurite Setup 1.1.12.exe
Size: 111.3MB
MD5: 4848ad03ab3dd1c09aaf5ace18a55f36
SHA1: f8f65216cdff313730ce23cb98d3302aad8b403b
SHA256: a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227
SHA512: 6d926a9674e0ea3130323e725289ea54c31c9e2be4745a8f407d32fe91cac8ca7ffa97d0c107de3d293c8aa990e44f901e322e342eb01d3e7968b880b2d026c3
SSDEEP: 3145728:5gFkGgcymcNLCSBsFkGNnSjejR0XL4pPV:KCLCSmZn+V09
Signatures:
- Modifies boot configuration data using bcdedit
- Drops desktop.ini file(s)
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Remote Services: SMB/Windows Admin Shares: Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself

Target: $PLUGINSDIR/StdUtils.dll
Size: 100KB
MD5: c6a6e03f77c313b267498515488c5740
SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1: 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512: c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
SSDEEP: 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score: 3/10

Target: $PLUGINSDIR/UAC.dll
Size: 14KB
MD5: adb29e6b186daa765dc750128649b63d
SHA1: 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256: 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512: b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
SSDEEP: 192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score: 3/10

Target: $PLUGINSDIR/WinShell.dll
Size: 3KB
MD5: 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1: 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256: 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512: 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score: 3/10

Target: Azurite.exe
Size: 112.3MB
MD5: cfb583250979f7b0e9f86a946bc00da3
SHA1: 69d35ffb6444486a14c34c58076e2b80d6cd968b
SHA256: c29ebe09d23345245b4fafb199a475805855e66a65e9d2b7ce31f08ddb2a8f88
SHA512: 2100c6d9debd28a64ea525b217e218d961887577e13031f8f895f70a96fb1b39ab51d3d996023b186411b49378ec5fc4647a0ef5c85454412ec10adb209a4fb5
SSDEEP: 1572864:xtvDiwbuCfyG8cGjYSfIY20ZOjv6DhM6TpaOKcXYKpf53N6M/n0zxjASK8GDCegN:PvDisKhJAOKc6M/0GS0T8j
Signatures:
- Drops desktop.ini file(s)
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Remote Services: SMB/Windows Admin Shares: Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: resources/app.asar
Size: 4.9MB
MD5: f0283a70e4e77c72999016a2cc033172
SHA1: 48f2207f9363faf63d3a6f2ac16ed2cf8022f8ab
SHA256: e0f0acdba0caa085dac0c2432a97670f88c4deaeded715e2e9452b03400d592f
SHA512: 5f73110a134f02e71c84d6d8da4c9aa5c572adec5bbe40255b30b9a37d2818064261c8a57b76c8da7efbfbced061066d53437a66197c9caaa0dcd90c1b60bddc
SSDEEP: 49152:ONR9MIzoqaqmrxt0qDxvWKG3BFu/oqzx/tfDTaZSJlQMAkp7a5jRm4A4s4QNhAeT:WibQSpGLA4s4QE4CK
Score: 3/10

Target: resources/elevate.exe
Size: 126KB
MD5: 1dc0d03352f29cec211f9d878410898b
SHA1: 7960473f58d3d5c36d5cfa7fabd20fc3848fbd97
SHA256: 5702e272bbf5380fa0c7df0aaf147a29e829f1d4bf06c962741cbce2df136e1a
SHA512: 5acd0c466aa3aaa3b421de5659390e36e6de00ce3348b980ef20fd98799c89cb69fe87315f4f772ccaa72a6d232f5c602193a946033d74f3fc0e7b0b093148cb
SSDEEP: 3072:lgbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl8fCfW:uPrwRhte1XsE1l8fCfW
Score: 3/10

Target: swiftshader/libEGL.dll
Size: 366KB
MD5: 8243a4fffca9219970a187b74d81b2a0
SHA1: d89bd462170bb4a56c14567fe0b17a0b75a5ede8
SHA256: 8130e68850b0b521e66a648c4bfd4351b856bab11e9a6f9fb1272588329161fc
SHA512: 7e5dc068aace50eaf893ec479e5c2e72eeca491ed6490b97d302675568aa6be3b715be0990541b5f531ea089dac625abb14ed3af86dcecd0508ab86c02d70425
SSDEEP: 6144:c0xXgHVFDxkm2nh/nyce87Xi4dlwhNEkqZCC9uZaWPJqSpdZgO7J4+b2T:7h/Ze87Xi4dCC1uZaeZ8n
Score: 3/10

Target: swiftshader/libGLESv2.dll
Size: 2.7MB
MD5: 45210582981a7428c2802c2795c84bd8
SHA1: 35d5d9fd0bb8e602328c7d3ef5f35edb2efbb15c
SHA256: 021cc27cbde002b59991c876d6a9b85a9576e189e1fc9dbd9478f9f2d68387ec
SHA512: 791c8ccfa328766e2eb4a7928b3d92a07ad3763ee245d515d2a0bad851d7f79cbdb42820644c1c4e4ca1aa826111887ae9cfc385616683e9de8f1c18bb1982fc
SSDEEP: 49152:IdnrjtIvoFzKkAdACGPIuV95gE+pZRNA32yJ6uhH2elKnmeEkAz4RnEoJ2rdzNBE:IF3tfKNtja1MZdZ1X
Score: 3/10

Target: vk_swiftshader.dll
Size: 3.9MB
MD5: ac4520e55596616f8dff7e6541be2995
SHA1: ade080e03077300bd4281a0c050312c22330b4bb
SHA256: b01685659e300407c1a341f56a21d3f8ce3ef271798518aa71ddc6db47314d89
SHA512: 0da447906378e786b3b2728e01b5f8fec58cc37edc5659179f7c07141acae5c1193e7851e6ac778cfebbfacf8a67361907b87f59610361efe9782721ec25ba0c
SSDEEP: 49152:NWzcL9x2ydlDTa7GmidqJfec1e6u9px5Uxb92ZpJyTlN9lp/5iY8E8oP7qG7rm7Q:paK1GPm4gmZZrVSowgaB
Score: 3/10

Target: vulkan-1.dll
Size: 616KB
MD5: f3e7fdbee5eaf7d803ac12ca73335145
SHA1: 67bfd13c47d2f007a1baa2006d79789f7a42aab8
SHA256: 2c80574c9425611422f70c650edf81dcc4f91052f0dfd247ab1d18ea468ee10d
SHA512: af787fac26fdb603e1ea5e764c732c4454d47c49ab4fdbc8f2c1055ed965aebb8a94dd38feb891e84f07239525c816173c70b0f7069b15d43cdf878e0e14b72d
SSDEEP: 12288:sqVxi0ZmVhGfA8gFlkPdcarfoxpQGyHua8pyE/XPVPYo:RxJRrfQry4yE
Score: 3/10

Target
Azurite.exe
-
Size
129.9MB
-
MD5
f4711870ecf07fbb3719156a31e436e0
-
SHA1
fdbdd5b6f1798b366372468ad9ca7e339696616c
-
SHA256
6851968cabeeeb7506b44f4d0188ac3caa3aac14cac3203ca31e7649d73a4723
-
SHA512
f987e1b389c00600604412c9c2c2178a1302bfd892dfba0f89a3b8df3d663cd18407d76fa54562e7bd10901c81256833e334ab7647021e7e0da2dd24cb04afd1
-
SSDEEP
1572864:4QHkxCFvPPMUx9GAEAgh9h/d/9K/5xA1FWyVtPuXx2/i:REgMUx9xEAZ1Eti2K
Score5/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
Target: LICENSES.chromium.html
Size: 5.1MB
MD5: 6b84319ee8a0a0af690273d3d2dcbaf4
SHA1: 857ca353e0582d100dcbc6cb6761bb4430d0cb90
SHA256: fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
SHA512: 26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
SSDEEP: 24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS
Score: 3/10

Target: resources/app.asar
Size: 4.9MB
MD5: f0283a70e4e77c72999016a2cc033172
SHA1: 48f2207f9363faf63d3a6f2ac16ed2cf8022f8ab
SHA256: e0f0acdba0caa085dac0c2432a97670f88c4deaeded715e2e9452b03400d592f
SHA512: 5f73110a134f02e71c84d6d8da4c9aa5c572adec5bbe40255b30b9a37d2818064261c8a57b76c8da7efbfbced061066d53437a66197c9caaa0dcd90c1b60bddc
SSDEEP: 49152:ONR9MIzoqaqmrxt0qDxvWKG3BFu/oqzx/tfDTaZSJlQMAkp7a5jRm4A4s4QNhAeT:WibQSpGLA4s4QE4CK
Score: 3/10

Target: resources/elevate.exe
Size: 126KB
MD5: 5b92eb0ac2b8c42f8c38ac7ad05f44fc
SHA1: 33ec0c140c98c80cd2eb54435b5bcf85b5ab1691
SHA256: a933bafb1ec613cdb6f21c409bc0a03a5b822a14f9ea8df9665372e701511e94
SHA512: a4839c7caa066ad0baeb3970886250f64ca4ca6161096c81cce7bb110a0716d518df0abc5aeea98b0d43388eef926bc92e91d43fafc8342a3d3a53204bbecc13
SSDEEP: 3072:tgbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlBfRfy:WPrwRhte1XsE1lBfRfy
Score: 3/10
MITRE ATT&CK Enterprise v15 (counts in parentheses)

Execution
  Command and Scripting Interpreter (2)
    JavaScript (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)

Persistence
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Power Settings (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)

Privilege Escalation
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)

Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
    Install Root Certificate (1)

Discovery
  Browser Information Discovery (1)
  Peripheral Device Discovery (2)
  Query Registry (6)
  System Information Discovery (5)
  System Location Discovery (1)
    System Language Discovery (1)
  System Network Configuration Discovery (1)
    Internet Connection Discovery (1)
  System Time Discovery (1)