azorult | e5a815ee2d9857e6b8477c44baef139dd1b0457fd0d7b1293c357eddc3d90c81 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

e5a815ee2d...81.exe

windows7_x64

e5a815ee2d...81.exe

windows10_x64

Sharing

General

Target

e5a815ee2d9857e6b8477c44baef139dd1b0457fd0d7b1293c357eddc3d90c81.exe
Size

693KB
Sample

200707-khdzkl8ze2
MD5

161e0b9b80e449fd4b0497cde4167c42
SHA1

78a9a6b69af7e273c4c436d80596a7fcc075f3ef
SHA256

e5a815ee2d9857e6b8477c44baef139dd1b0457fd0d7b1293c357eddc3d90c81
SHA512

0cc7848d199478cbf85031f8d80e5ab680fcf99e1c002eaff96fcb6b0d6330d941d8937a7d8b5ce0f20e250a07f6cd41c1bb9f939c583b9fdce8fe6d9f2b6ead

Score

10^/10

azorult discovery infostealer spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

e5a815ee2d9857e6b8477c44baef139dd1b0457fd0d7b1293c357eddc3d90c81.exe

Resource

win7v200430

discovery trojan infostealer azorult spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e5a815ee2d9857e6b8477c44baef139dd1b0457fd0d7b1293c357eddc3d90c81.exe

Resource

win10

trojan infostealer azorult

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://165.22.238.167/index.php

Targets

- Target
  
  e5a815ee2d9857e6b8477c44baef139dd1b0457fd0d7b1293c357eddc3d90c81.exe
- Size
  
  693KB
- MD5
  
  161e0b9b80e449fd4b0497cde4167c42
- SHA1
  
  78a9a6b69af7e273c4c436d80596a7fcc075f3ef
- SHA256
  
  e5a815ee2d9857e6b8477c44baef139dd1b0457fd0d7b1293c357eddc3d90c81
- SHA512
  
  0cc7848d199478cbf85031f8d80e5ab680fcf99e1c002eaff96fcb6b0d6330d941d8937a7d8b5ce0f20e250a07f6cd41c1bb9f939c583b9fdce8fe6d9f2b6ead
Score

10^/10

discovery trojan infostealer azorult spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverytrojaninfostealerazorultspyware

behavioral2

trojaninfostealerazorult

© 2018-2025

Terms | Privacy