azorult | fd975fd3af1f754bf7b03eca4ae29e3054f34f7176b26c2578efddde76947f70 | Triage

Submit
Reports

Overview

overview

Static

static

MTIR202832...DF.exe

windows7_x64

MTIR202832...DF.exe

windows10_x64

Sharing

General

Target

MTIR20283256_2101013335_20200507083759.PDF.exe
Size

406KB
Sample

201109-p4nasaesss
MD5

6c378a9a4067f1affdb254dfa96943da
SHA1

12911df0be6ae9f4292038e60c5aad41073c55fd
SHA256

fd975fd3af1f754bf7b03eca4ae29e3054f34f7176b26c2578efddde76947f70
SHA512

33dc7b3b743bc77efea699a3508b4fbe1f0707cd6ad38f9cba8a1257b4c881d5cf6212d3c3a8cf1e3efe46dadff55747b1dee0b6df8942e268891e2a3d8f3858

Score

10^/10

azorult coreentity discovery infostealer rezer0 trojan

Static task

static1

Behavioral task

behavioral1

Sample

MTIR20283256_2101013335_20200507083759.PDF.exe

Resource

win7v20201028

azorult coreentity discovery infostealer rezer0 trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MTIR20283256_2101013335_20200507083759.PDF.exe

Resource

win10v20201028

azorult coreentity infostealer rezer0 trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://ensaenerji.com/mep/index.php

Targets

- Target
  
  MTIR20283256_2101013335_20200507083759.PDF.exe
- Size
  
  406KB
- MD5
  
  6c378a9a4067f1affdb254dfa96943da
- SHA1
  
  12911df0be6ae9f4292038e60c5aad41073c55fd
- SHA256
  
  fd975fd3af1f754bf7b03eca4ae29e3054f34f7176b26c2578efddde76947f70
- SHA512
  
  33dc7b3b743bc77efea699a3508b4fbe1f0707cd6ad38f9cba8a1257b4c881d5cf6212d3c3a8cf1e3efe46dadff55747b1dee0b6df8942e268891e2a3d8f3858
Score

10^/10

azorult coreentity discovery infostealer rezer0 trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultcoreentitydiscoveryinfostealerrezer0trojan

behavioral2

azorultcoreentityinfostealerrezer0trojan

© 2018-2024

Terms | Privacy