Malware Config
Extracted
Family: azorult
URL: http://boglogov.site/index.php
Targets
Target: http://github.com/Da2dalus/The-MALWARE-Repo

Signatures
Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Azorult family
Modifies Windows Defender Real-time Protection settings
Rms family
UAC bypass
Windows security bypass
Blocks application from running via registry modification
  Adds application to list of disallowed applications.
Modifies Windows Firewall
Stops running service(s)
ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Legitimate hosting services abused for malware hosting/C2
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Hide Artifacts: Hidden Users
MITRE ATT&CK Enterprise v16 (number of matching signatures in parentheses)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (3)
    Windows Service (3)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (2)
    Hidden Files and Directories (1)
    Hidden Users (1)
  Impair Defenses (5)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (3)