Resubmissions

  28-11-2024 19:05   241128-xrs52swrfx   score 3
  28-11-2024 18:59   241128-xm59tawqcw   score 3
  28-11-2024 18:56   241128-xlkayswpgs   score 10
  28-11-2024 18:52   241128-xjhz4swpbt   score 10

General

  • Target

    Euro_Truck_keygen_by_KeyGenGuru.zip

  • Size

    5.0MB

  • Sample

    241128-xjhz4swpbt

  • MD5

    5e4b59eafe95c4c282e2cc0e583e9c2e

  • SHA1

    60718f8cf1624b17dccc19cec627e253915e4beb

  • SHA256

    064ac471f84251c90c80fcd9c758c4e0a83f59a7d4fb584af0c7f3599b9efbf6

  • SHA512

    97ebb4c22eededaa581c98a7f9dcd8a0e8975b91f5792fb2594e6796e70161ab349274fba0c040b72b74893a11e143706638fa504ed8c8bcd763b8db66a25f87

  • SSDEEP

    98304:m3jyuGTLyzbghu+UolRNLUg1dX/OY+EZZIOpqTeJTJYq8paLm+MCCuRtPyWA7XVc:m3Wd8bgh3ULiX5LZZhpseJTJbax+dCuV

Malware Config

Extracted

  Family   azorult
  C2       http://upqx.ru/1210776429.php

Extracted

  Family   pony
  C2       http://top.regdnl.ru/bussin/gate.php
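The hashes and the two extracted C2 URLs in this report are the indicators a responder would pivot on. The script below is an added example, not part of the sandbox report or of the samples themselves: it loads those indicators verbatim, offers a hash lookup that normalises case and whitespace, and runs the C2 set over a constructed proxy log (the log lines, the client addresses and the simple "timestamp client method url status" format are assumptions for illustration). An exact URL match is reported first; a hostname-only match is reported separately because a C2 path can change between builds while the host often stays the same.

```python
import hashlib
from typing import Optional
from urllib.parse import urlparse

# File hashes copied from this report (MD5, SHA1, SHA256 for each file).
KNOWN_HASHES = {
    # Euro_Truck_keygen_by_KeyGenGuru.zip
    "5e4b59eafe95c4c282e2cc0e583e9c2e": "Euro_Truck_keygen_by_KeyGenGuru.zip",
    "60718f8cf1624b17dccc19cec627e253915e4beb": "Euro_Truck_keygen_by_KeyGenGuru.zip",
    "064ac471f84251c90c80fcd9c758c4e0a83f59a7d4fb584af0c7f3599b9efbf6": "Euro_Truck_keygen_by_KeyGenGuru.zip",
    # Euro_Truck_keygen_by_KeyGenGuru.exe
    "292885a40b0c89d819ab4b4fe3adf302": "Euro_Truck_keygen_by_KeyGenGuru.exe",
    "7f5588147add8e4f4909068220527762b1bbfc2b": "Euro_Truck_keygen_by_KeyGenGuru.exe",
    "b1f2b5a112f09308cf736e3746a11bd09fe84c7024d1601a44ede496361acb65": "Euro_Truck_keygen_by_KeyGenGuru.exe",
}

# C2 URLs extracted by the sandbox, keyed to the family that uses them.
C2_URLS = {
    "http://upqx.ru/1210776429.php": "azorult",
    "http://top.regdnl.ru/bussin/gate.php": "pony",
}
# Host-level fallback for the case where only the path changed.
C2_HOSTS = {urlparse(u).hostname: fam for u, fam in C2_URLS.items()}


def lookup_hash(value: str) -> Optional[str]:
    """Return the report's file name for a known MD5/SHA1/SHA256, else None."""
    return KNOWN_HASHES.get(value.strip().lower())


def lookup_file(data: bytes) -> Optional[str]:
    """Hash raw file bytes and look the digest up (SHA256 is listed for both files)."""
    return lookup_hash(hashlib.sha256(data).hexdigest())


def scan_proxy_log(lines):
    """Match lines of the form '<ts> <client> <method> <url> <status>' against the C2 set."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash the scan
        ts, client, _method, url = parts[:4]
        host = (urlparse(url).hostname or "").lower()
        if url in C2_URLS:
            hits.append({"ts": ts, "client": client, "family": C2_URLS[url], "kind": "exact"})
        elif host in C2_HOSTS:
            hits.append({"ts": ts, "client": client, "family": C2_HOSTS[host], "kind": "host"})
    return hits


# Constructed sample log, not real telemetry: one client beaconing to both C2s,
# one request to the Azorult host on a different path, one unrelated request.
SAMPLE_LOG = """\
2024-11-28T18:52:10Z 10.0.0.15 POST http://upqx.ru/1210776429.php 200
2024-11-28T18:52:11Z 10.0.0.15 POST http://top.regdnl.ru/bussin/gate.php 200
2024-11-28T18:52:12Z 10.0.0.15 GET http://upqx.ru/index.html 404
2024-11-28T18:53:00Z 10.0.0.22 GET http://example.com/ 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print(lookup_hash("B1F2B5A112F09308CF736E3746A11BD09FE84C7024D1601A44EDE496361ACB65"))
```

Both C2 URLs end in a PHP script that accepts POSTed data, so in real proxy or firewall logs the exact-URL hits will normally be POST requests; a GET to the same host is still worth triage as a host-level hit, which is why the script reports the two kinds separately.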

Targets

    • Target

      Euro_Truck_keygen_by_KeyGenGuru.exe

    • Size

      5.1MB

    • MD5

      292885a40b0c89d819ab4b4fe3adf302

    • SHA1

      7f5588147add8e4f4909068220527762b1bbfc2b

    • SHA256

      b1f2b5a112f09308cf736e3746a11bd09fe84c7024d1601a44ede496361acb65

    • SHA512

      23e6f515d8691a590e1c27ee84a41437996433612b9de39c9b59e3c2562e0394beb226211a45febd930b57eb9508b747bad981a747759100cb27e7835ed72550

    • SSDEEP

      98304:ehbGvDuZFqCrXL+Shff+vW7t4p7bQzVxiGfCI7hnqWo/WDkoLRY7G:eh5zqcLf++aMzV0GqI7B5oODkoLRYa

    • Azorult

      An information stealer first seen in 2016 that harvests saved browser credentials, cookies and browsing history, and cryptocurrency wallet files.

    • Azorult family

    • Pony family

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan that harvests stored FTP, e-mail and browser credentials and is commonly used as a loader for further payloads.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Reads the saved-session files of FTP clients such as FileZilla (sitemanager.xml, recentservers.xml), which store server credentials in plaintext or base64.

    • Reads user/profile data of web browsers

      Infostealers target the browser profile directory, which holds saved credentials, cookies, autofill data and browsing history.

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in plaintext or reversibly encoded configuration files (ATT&CK T1552.001).

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry to list installed software.
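The "Reads data files stored by FTP clients" and "Credentials In Files" signatures above describe the same harvest: FileZilla keeps saved sites in %APPDATA%\FileZilla\sitemanager.xml (and recent connections in recentservers.xml) with each password either in plaintext or base64-encoded, so a stealer only has to parse XML. The parser below is an added example written for this page, not code from the report or from either malware family; the sitemanager.xml content is constructed and the host names, users and passwords in it are placeholders. It shows the three states a practitioner should expect: a base64 password that decodes directly, an entry with no stored password (key or anonymous logon), and an entry protected by FileZilla's master password (a non-base64 encoding attribute), which the parser marks as not recoverable instead of decoding garbage.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sitemanager.xml in the FileZilla 3.x layout. Hosts, users and
# passwords are placeholders; "crypt" is the non-base64 encoding FileZilla uses
# for master-password-protected entries (the pubkey/ciphertext here are dummies).
SAMPLE_SITEMANAGER = """\
<FileZilla3 version="3.66.4" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>webadmin</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Logontype>1</Logontype>
      <Name>Production web</Name>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>deploy</User>
      <Logontype>5</Logontype>
      <Name>Deploy (key file)</Name>
    </Server>
    <Server>
      <Host>ftp.backup.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>backup</User>
      <Pass encoding="crypt" pubkey="DUMMYPUBKEY">DUMMYCIPHERTEXT</Pass>
      <Logontype>1</Logontype>
      <Name>Backup (master password set)</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def harvest_filezilla(xml_text: str) -> list:
    """Return one dict per <Server>: host, port, user, password and a status."""
    root = ET.fromstring(xml_text)
    results = []
    for server in root.iter("Server"):
        entry = {
            "name": server.findtext("Name", default=""),
            "host": server.findtext("Host", default=""),
            "port": int(server.findtext("Port", default="21")),
            "user": server.findtext("User", default=""),
            "password": None,
            "status": "no-password",   # key-based or anonymous logon, nothing stored
        }
        pw = server.find("Pass")
        if pw is not None and pw.text:
            enc = pw.get("encoding", "")
            if enc == "base64":
                # FileZilla 3.x default: reversible encoding, not encryption.
                entry["password"] = base64.b64decode(pw.text).decode("utf-8", "replace")
                entry["status"] = "recovered"
            elif enc == "":
                # Legacy files stored the password verbatim.
                entry["password"] = pw.text
                entry["status"] = "recovered"
            else:
                # Master-password protected: ciphertext only, leave it alone.
                entry["status"] = "protected"
        results.append(entry)
    return results


if __name__ == "__main__":
    for e in harvest_filezilla(SAMPLE_SITEMANAGER):
        print(f'{e["status"]:12} {e["user"]}@{e["host"]}:{e["port"]} {e["password"]!r}')
```

The practical takeaway is the third case: enabling FileZilla's master password turns the stored value into ciphertext the stealer cannot decode offline, whereas the default base64 form offers no protection at all. The same applies to any client whose saved-session file the sandbox flagged under this signature.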

MITRE ATT&CK Enterprise v15

Tasks