Analyzing AZORult malware using NSA Ghidra suite

Cybaze-Yoroi ZLAB malware researchers decided to use the NSA Ghidra suite in a real case study, the analysis of the AZORult malware. The malware is a PE32 file apparently coded in Visual C++, containing references to major IT companies like Google and Amazon in its metadata fields. We were able to isolate only a few actions of the malware, because its C2 server wasn't active at the time of analysis, probably due to a configuration error. After contacting the server, the sample is not able to download other components and configurations.

Source: https://securityaffairs.co/wordpress/83211/cyber-crime/azorult-nsa-ghidra.html
