azorult | 2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13 | Triage

Submit
Reports

Static

static

2530a6515f...13.exe

windows7_x64

2530a6515f...13.exe

windows10_x64

Sharing

General

Target

2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13.exe
Size

88KB
Sample

200514-bkbzswtn4x
MD5

7e61b2b7856c264f9f70ccaef847494c
SHA1

aa0c219b24a943d0276cb98c3bd6237f24dd6887
SHA256

2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13
SHA512

60b26c9acb0379fa8cb272eeac46d5a08766e5a00389121091ec66d255a5b2d1e4903346e963e097df6b88378e201b44f31d1bfc2117d3d9efc40e90284d5508

Score

10^/10

azorult infostealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13.exe

Resource

win7v200430

azorult infostealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13.exe

Resource

win10v200430

azorult infostealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13.exe
- Size
  
  88KB
- MD5
  
  7e61b2b7856c264f9f70ccaef847494c
- SHA1
  
  aa0c219b24a943d0276cb98c3bd6237f24dd6887
- SHA256
  
  2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13
- SHA512
  
  60b26c9acb0379fa8cb272eeac46d5a08766e5a00389121091ec66d255a5b2d1e4903346e963e097df6b88378e201b44f31d1bfc2117d3d9efc40e90284d5508
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Executes dropped EXE
- Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy