azorult | b219b1a4ce213036313ffc366e1bcfda433bf68b996c250819181b08701494bd

Resubmissions

02-03-2020 16:48

12-02-2020 16:43

15-11-2019 07:22

Target

azorult.exe
Size

828KB
MD5

0c77b6f095bbc4d470f79cc7aa9bd864
SHA1

20d104338a02d32b08da41290e633f7167807cac
SHA256

b219b1a4ce213036313ffc366e1bcfda433bf68b996c250819181b08701494bd
SHA512

6e14d83ba5bc70317d69305d051be70a63fcef642c049bc1787247c9a4afc418217ab316698fc3387b46df3fb1fab157a64583bca3dba09b8dd3cbbc9d177340

Score

10^/10

Family

azorult

http://waresystem.com/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Suspicious use of SetThreadContext 1 IoCs

Processes:

azorult.exe

description pid process target process

PID 1316 set thread context of 1084 1316 azorult.exe azorult.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

azorult.exe

pid process

1316 azorult.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

azorult.exe

pid process

1316 azorult.exe
1316 azorult.exe

description	pid	process	target process
PID 1316 set thread context of 1084	1316	azorult.exe	azorult.exe

pid	process
1316	azorult.exe

pid	process
1316	azorult.exe
1316	azorult.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

azorult.exe

description	pid	process	target process
PID 1316 wrote to memory of 1084	1316	azorult.exe	azorult.exe
PID 1316 wrote to memory of 1084	1316	azorult.exe	azorult.exe
PID 1316 wrote to memory of 1084	1316	azorult.exe	azorult.exe
PID 1316 wrote to memory of 1084	1316	azorult.exe	azorult.exe

C:\Users\Admin\AppData\Local\Temp\azorult.exe
"C:\Users\Admin\AppData\Local\Temp\azorult.exe"
2⤵
PID:1084

memory/1084-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1084-1-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download