Overview

overview

10

Static

static

3

??????????...??.exe

windows7-x64

10

??????????...??.exe

windows10-2004-x64

10

??????????...??.exe

windows10-ltsc_2021-x64

10

??????????...??.exe

windows11-21h2-x64

10

jjhluxw.exe

windows7-x64

3

jjhluxw.exe

windows10-2004-x64

3

jjhluxw.exe

windows10-ltsc_2021-x64

3

jjhluxw.exe

windows11-21h2-x64

3

Resubmissions

19/03/2025, 20:13

250319-yzdk1a1yew 10

06/12/2023, 15:44

231206-s6hkmsea7x 10

16/11/2023, 20:24

231116-y6snhage4w 10

05/04/2023, 06:56

230405-hqtymacc52 10

04/04/2023, 08:02

230404-jw4wfsdf69 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ??????????? ??????????????.exe

  • Size

    234KB

  • Sample

    250319-yzdk1a1yew

  • MD5

    38d378ff52ea3dba53a07eee3ed769c7

  • SHA1

    94181ebcbe353d496701681b6bd03e06c1c63751

  • SHA256

    0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4

  • SHA512

    ab096595c92f3bca5659b2156e3daed47f70dd8ab3ddff1506ff164a50fa4d15f2503776d43633056ebcb569255295f8f7af53a031f552da1a3f73d017c105cc

  • SSDEEP

    6144:gYa6oBsctoZqfq4S4JV2p9wubvEjRTsObhUXLbPp:gYxcCZqHp2prEVs+C7F

Score
10/10
azorultdiscoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://141.98.6.162/office/index.php

Targets

    • Target

      ??????????? ??????????????.exe

    • Size

      234KB

    • MD5

      38d378ff52ea3dba53a07eee3ed769c7

    • SHA1

      94181ebcbe353d496701681b6bd03e06c1c63751

    • SHA256

      0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4

    • SHA512

      ab096595c92f3bca5659b2156e3daed47f70dd8ab3ddff1506ff164a50fa4d15f2503776d43633056ebcb569255295f8f7af53a031f552da1a3f73d017c105cc

    • SSDEEP

      6144:gYa6oBsctoZqfq4S4JV2p9wubvEjRTsObhUXLbPp:gYxcCZqHp2prEVs+C7F

    Score
    10/10
    azorultdiscoveryinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Azorult family

      azorult

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

    • Target

      jjhluxw.exe

    • Size

      108KB

    • MD5

      5f16ae72eb6fbd3040d5d3c18c5ac304

    • SHA1

      4e1604b5e763aa9f336996c75cb3e8436f16850f

    • SHA256

      3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    • SHA512

      7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    • SSDEEP

      3072:Mgke83whBLmHr9x5FKEY8Hs+k3d0Ge4NStHywRR+NwX3:MgwA0rGEY0AWRV3

    Score
    3/10
    discovery
    behavioral5behavioral6behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks