General
-
Target
0f61bbeefa04009b69aaeef1ac1e05358708caf8a476675dbb2342b1b38988fc.exe
-
Size
648KB
-
Sample
241106-cjmcbasgpe
-
MD5
6fbbdc300fa11d35f4caf2d9509cfcaf
-
SHA1
5bce72cec312e8b0cac43442fc55cead8e0913f3
-
SHA256
0f61bbeefa04009b69aaeef1ac1e05358708caf8a476675dbb2342b1b38988fc
-
SHA512
425d40409dd78648fec7bbebecae5df4463b04514efa0bce108964b634dfe5a3aa79c9713760f664e98d8eebc76f2c7efc79862d9e835ba9104214de06ff4b15
-
SSDEEP
12288:cT02BT4pRkr5guoCqmlxtWeqk79Uaq06p6X9uruAK5Gi:cTbBTmeWuoLmhwQilp6NBAWGi
Static task
static1
Behavioral task
behavioral1
Sample
0f61bbeefa04009b69aaeef1ac1e05358708caf8a476675dbb2342b1b38988fc.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0f61bbeefa04009b69aaeef1ac1e05358708caf8a476675dbb2342b1b38988fc.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
http://geinf0.icu/TL341/index.php
Targets
-
-
Target
0f61bbeefa04009b69aaeef1ac1e05358708caf8a476675dbb2342b1b38988fc.exe
-
Size
648KB
-
MD5
6fbbdc300fa11d35f4caf2d9509cfcaf
-
SHA1
5bce72cec312e8b0cac43442fc55cead8e0913f3
-
SHA256
0f61bbeefa04009b69aaeef1ac1e05358708caf8a476675dbb2342b1b38988fc
-
SHA512
425d40409dd78648fec7bbebecae5df4463b04514efa0bce108964b634dfe5a3aa79c9713760f664e98d8eebc76f2c7efc79862d9e835ba9104214de06ff4b15
-
SSDEEP
12288:cT02BT4pRkr5guoCqmlxtWeqk79Uaq06p6X9uruAK5Gi:cTbBTmeWuoLmhwQilp6NBAWGi
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
564bb0373067e1785cba7e4c24aab4bf
-
SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1
-
SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
-
SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
-
SSDEEP
192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
7Credentials In Files
6Credentials in Registry
1