azorult | 6d831aaa4b8ee1c41b519dad3a7de26c9cae4d71786609a178a62560697c4078 | Triage

Submit
Reports

Overview

overview

Static

static

usa (1).doc.rtf

windows7_x64

usa (1).doc.rtf

windows10_x64

1

Sharing

General

Target

usa (1).doc
Size

1.6MB
Sample

200710-arqqffh7ej
MD5

2bb2d4cd00b57d4f9a23cf1f47235dcf
SHA1

18e0c460dde1db288f547cc8a6265bf365587ebb
SHA256

6d831aaa4b8ee1c41b519dad3a7de26c9cae4d71786609a178a62560697c4078
SHA512

4753910b4bccef05872fdb3b10f837e26b609a53845bd64155b826d1c9e9027f8fbadb953286404bd8ead3720f6db5137dad28a40d8de19ea356af79c14dea46

Score

10^/10

azorult discovery infostealer spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

usa (1).doc.rtf

Resource

win7

spyware discovery trojan infostealer azorult

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

usa (1).doc.rtf

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://usa24i3.duckdns.org/usfold/109.mt

ps1.dropper

http://usa24i3.duckdns.org/usfold/us3459.m98

Targets

- Target
  
  usa (1).doc
- Size
  
  1.6MB
- MD5
  
  2bb2d4cd00b57d4f9a23cf1f47235dcf
- SHA1
  
  18e0c460dde1db288f547cc8a6265bf365587ebb
- SHA256
  
  6d831aaa4b8ee1c41b519dad3a7de26c9cae4d71786609a178a62560697c4078
- SHA512
  
  4753910b4bccef05872fdb3b10f837e26b609a53845bd64155b826d1c9e9027f8fbadb953286404bd8ead3720f6db5137dad28a40d8de19ea356af79c14dea46
Score

10^/10

spyware discovery trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarediscoverytrojaninfostealerazorult

behavioral2

© 2018-2024

Terms | Privacy