General

  • Target

    JaffaCakes118_684b9acd2a79e7ca09e996a6f6c9788c997eef5085558939cf5b125f7c39cf56

  • Size

    216KB

  • Sample

    241224-xbnkmatqgm

  • MD5

    f4950efed5a367a786650b56eca94bc6

  • SHA1

    30d68a629e5c49a768da34ed4af28143d1cad1fc

  • SHA256

    684b9acd2a79e7ca09e996a6f6c9788c997eef5085558939cf5b125f7c39cf56

  • SHA512

    2fbf4a815a800bbd93da1ac2a3c0fd448ec3e2499d9eb63b1850e44028a6c6cd98e350a94f4abd3d65e423bd9429bb6465522430fd2278ee7fa9148a1f0b1515

  • SSDEEP

    6144:2CdTx2M8iR/Ad7DWGrHvtvLvXqaKcEl2O7TzKQwXmXfryy:2CT4gIWi1ricEl2O7TdwXmXDyy

Malware Config

Extracted

Family

azorult

C2

http://bengalcement.com.bd/AxPu/index.php

Targets

    • Target

      ZiraatTRK6575740.exe

    • Size

      345KB

    • MD5

      710472a8addb7f60ad0cf827edc0f51a

    • SHA1

      6f0a0dd32734de4b5529c87d5b73001bb8a2b37f

    • SHA256

      07901d29fd52f346dfc7af58c41499260674510d887bedb11e9a5c9a87967c85

    • SHA512

      42b295bb466ac87d441aa7bbbe22ce49e66079dbf28e58eb9ce8fdec82a716afb719ea2c94b68edc6e891a67937a52a561a232edb093687ca0dfec77d83cc1ee

    • SSDEEP

      6144:8DIXx1xeTIIIIIIIIIIISIIIIIIIIIIlIIIasooo7ObIIGII4Ijie2QPw2qrEY33:dVeTIIIIIIIIIIISIIIIIIIIIIlIIIlB

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/cse4roo.dll

    • Size

      5KB

    • MD5

      55ece16004aa5f4e2922619cd4550be1

    • SHA1

      314c0edc2a812e88da96322d340919f63a392d8d

    • SHA256

      3ce9036a2569c7c3c15061528ecf49747620d4fd3b22338694c9525c6c0e4fc3

    • SHA512

      25cba598082fc6d7705a0c0e7de491fe156fce88308fe510d70d40c01bf458849cf9f50f190ad67ca742b2829357170978accae1d3eeb9190850d3dc4746aa24

    • SSDEEP

      48:StQJNdo8BP/hHSmDJjtrMOGa4zzBvoAXAdUMQ9BgKRuqS:PRjZDGXHBgVueqx

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks