azorult | f1b005d740cbdb6bf8586f6fc4df175819027595190e56672e3cce2f0c8cfc21 | Triage

Submit
Reports

Overview

overview

Static

static

f1b005d740...21.exe

windows7_x64

f1b005d740...21.exe

windows10_x64

Resubmissions

22-05-2020 12:09

200522-ma725l8pgx 10

21-05-2020 12:19

200521-swjn81cqpe 10

Sharing

General

Target

f1b005d740cbdb6bf8586f6fc4df175819027595190e56672e3cce2f0c8cfc21.exe
Size

259KB
Sample

200522-ma725l8pgx
MD5

b55f731add11aec9c9b00fe42d8f0f53
SHA1

7114fbda0e1ce247dd227e3d54d22fa809a0c5ee
SHA256

f1b005d740cbdb6bf8586f6fc4df175819027595190e56672e3cce2f0c8cfc21
SHA512

f9291667b8c1ae07e9993cee4269e19765b1c506a2c24411459f60f65da7c513b383cc328345961e8350642cebf0448d85ee93a2594607dd0ee866c39e2d7cb9

Score

10^/10

azorult evasion infostealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f1b005d740cbdb6bf8586f6fc4df175819027595190e56672e3cce2f0c8cfc21.exe

Resource

win7v200430

azorult evasion infostealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f1b005d740cbdb6bf8586f6fc4df175819027595190e56672e3cce2f0c8cfc21.exe

Resource

win10v200430

azorult infostealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  f1b005d740cbdb6bf8586f6fc4df175819027595190e56672e3cce2f0c8cfc21.exe
- Size
  
  259KB
- MD5
  
  b55f731add11aec9c9b00fe42d8f0f53
- SHA1
  
  7114fbda0e1ce247dd227e3d54d22fa809a0c5ee
- SHA256
  
  f1b005d740cbdb6bf8586f6fc4df175819027595190e56672e3cce2f0c8cfc21
- SHA512
  
  f9291667b8c1ae07e9993cee4269e19765b1c506a2c24411459f60f65da7c513b383cc328345961e8350642cebf0448d85ee93a2594607dd0ee866c39e2d7cb9
Score

10^/10

azorult evasion infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultevasioninfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy