General
-
Target
No. 1349240400713.exe
-
Size
654KB
-
Sample
241104-kbvbysxkbt
-
MD5
0049a8ce1e4c42cea9b5d2516c64612c
-
SHA1
f0526a23f7f5de1c0b2200e92fba833edcacbe02
-
SHA256
d0549673b20a4041c1d1bfbdd841b0b768fefa6057f6a4203d54d0694f270cff
-
SHA512
b0b3af0312dffad1492c768475713f15f21b7832c0a5e4e64107149ef9b4f950ca56092d0013343869a649f3c0d009a6f24ae628bbc178569911b5ea0e506315
-
SSDEEP
6144:cT4DtLOuR2uyPG+H+tMN+dOugpzlyUflyWCalNEToCp6lAG9urP2DDUK5Lq75k:cT02VG+4iDlyUoaiXp6X9uruAK5Gi
Static task
static1
Behavioral task
behavioral1
Sample
No. 1349240400713.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
No. 1349240400713.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
http://89.40.31.232/12/index.php
Targets
-
-
Target
No. 1349240400713.exe
-
Size
654KB
-
MD5
0049a8ce1e4c42cea9b5d2516c64612c
-
SHA1
f0526a23f7f5de1c0b2200e92fba833edcacbe02
-
SHA256
d0549673b20a4041c1d1bfbdd841b0b768fefa6057f6a4203d54d0694f270cff
-
SHA512
b0b3af0312dffad1492c768475713f15f21b7832c0a5e4e64107149ef9b4f950ca56092d0013343869a649f3c0d009a6f24ae628bbc178569911b5ea0e506315
-
SSDEEP
6144:cT4DtLOuR2uyPG+H+tMN+dOugpzlyUflyWCalNEToCp6lAG9urP2DDUK5Lq75k:cT02VG+4iDlyUoaiXp6X9uruAK5Gi
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
564bb0373067e1785cba7e4c24aab4bf
-
SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1
-
SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
-
SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
-
SSDEEP
192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
7Credentials In Files
6Credentials in Registry
1