Overview

overview

10

Static

static

3

5a76535104...25.exe

windows7-x64

10

5a76535104...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aed0d25af8dbf513a0cdba6c1a144ec0.bin

  • Size

    370KB

  • Sample

    240701-dksq6athmh

  • MD5

    aed0d25af8dbf513a0cdba6c1a144ec0

  • SHA1

    82f8d9bbce6d6bc55738686a9f095c8419ab54d6

  • SHA256

    58967f9cf22df6119b110d5a0f55ec1ca8cedfda63e7fa5b90301c52474a731f

  • SHA512

    23a25935da8a5a98f742d5001b9d40b2080669eca3f1b22211f78de621a1dd0f7b47213816357b0000eb9384e0159e2131d9308a24f399336f465c43cbed6ea9

  • SSDEEP

    6144:XB2FMpDLZFzIpnNloY2G3/VCbSp9E5wn3xNSLQS+OIqRVbXnQVpFNlqQlMH:R2FeZ2pN3cbQ9TeQpOIeQLV+

Score
10/10
azorultinfostealertrojanupx

Malware Config

Extracted

Family

azorult

C2

http://benchadcrd.nl/gate.php

Targets

    • Target

      5a765351046fea1490d20f25.exe

    • Size

      377KB

    • MD5

      1c234a8879840da21f197b2608a164c9

    • SHA1

      ed7f6d70968fed5cf59ed2a141fca928e1b0522f

    • SHA256

      e9cfb6eb3a77cd6ea162cf4cb131b5f6ad2a679c0ba9757d718c2f9265a9668f

    • SHA512

      4d1e82700307cb87196554c459e0b36966f454777876a80a929977ede6d73230611bd0424a57cd0e5f11183b4b13d0e5549830a9effe467b644fa1ddcfc940f2

    • SSDEEP

      6144:IHDNS5okyd+3xOFd0RM9910Qo50yuuJGmdmESvhI3BoUw0h8vIkUm4ggfsJWr:gS5bA+3xOFOG9P6buG7m5gRwJXU/

    Score
    10/10
    azorultinfostealertrojanupx

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks