General
-
Target
Dekont#400577_89008_96634.exe
-
Size
641KB
-
Sample
241104-nsaweszdjk
-
MD5
1d14f171fd8a6a070150c81abed8b966
-
SHA1
605071e065fd88525285c736dcc5f8461a60195c
-
SHA256
ffb9748a0ed7684161780e27a733f2ab11071515cc27905767813a32c8c308ff
-
SHA512
a337e284c26b730b72859c509decbc7d8733efd2729ae5d280558a504c6837e2546eb037edfad7b0f00c0b1c1cdd8e42728fc5e33dbb9f2a01315cbc47ab5182
-
SSDEEP
12288:cT02SzNhc9bP9qhlkT+8dLb1c09/p6X9uruAK5Gi:cTbSzNy9bP9Elo1O0Fp6NBAWGi
Static task
static1
Behavioral task
behavioral1
Sample
Dekont#400577_89008_96634.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Dekont#400577_89008_96634.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
http://89.40.31.232/12/index.php
Targets
-
-
Target
Dekont#400577_89008_96634.exe
-
Size
641KB
-
MD5
1d14f171fd8a6a070150c81abed8b966
-
SHA1
605071e065fd88525285c736dcc5f8461a60195c
-
SHA256
ffb9748a0ed7684161780e27a733f2ab11071515cc27905767813a32c8c308ff
-
SHA512
a337e284c26b730b72859c509decbc7d8733efd2729ae5d280558a504c6837e2546eb037edfad7b0f00c0b1c1cdd8e42728fc5e33dbb9f2a01315cbc47ab5182
-
SSDEEP
12288:cT02SzNhc9bP9qhlkT+8dLb1c09/p6X9uruAK5Gi:cTbSzNy9bP9Elo1O0Fp6NBAWGi
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
564bb0373067e1785cba7e4c24aab4bf
-
SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1
-
SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
-
SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
-
SSDEEP
192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
7Credentials In Files
6Credentials in Registry
1