azorult | 09758dfa192e1932726afa788ef5272c035f6e95e398b20db04a68fd698e3258 | Triage

Submit
Reports

Overview

overview

Static

static

8d58498de3...87.exe

windows7_x64

8d58498de3...87.exe

windows10_x64

Sharing

General

Target

8d58498de34e8674d319dc578b7b5f87.exe
Size

112KB
Sample

201111-mxvlj5kglx
MD5

8d58498de34e8674d319dc578b7b5f87
SHA1

d70595f68878b2bd1a308015e1963186ca73cce8
SHA256

09758dfa192e1932726afa788ef5272c035f6e95e398b20db04a68fd698e3258
SHA512

ebd012b23e57ee1617aa7e15ea101c43a87b18e8108cb9c01f7096fa03829728f51effc3324499dc48964fce4f65f8b280b08896750f049e0f86462c3ef8cb6b

Score

10^/10

azorult discovery infostealer spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

8d58498de34e8674d319dc578b7b5f87.exe

Resource

win7v20201028

azorult infostealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8d58498de34e8674d319dc578b7b5f87.exe

Resource

win10v20201028

azorult discovery infostealer spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

https://www.themindset.org.ng/nc_assets/fonts/098/index.php

Targets

- Target
  
  8d58498de34e8674d319dc578b7b5f87.exe
- Size
  
  112KB
- MD5
  
  8d58498de34e8674d319dc578b7b5f87
- SHA1
  
  d70595f68878b2bd1a308015e1963186ca73cce8
- SHA256
  
  09758dfa192e1932726afa788ef5272c035f6e95e398b20db04a68fd698e3258
- SHA512
  
  ebd012b23e57ee1617aa7e15ea101c43a87b18e8108cb9c01f7096fa03829728f51effc3324499dc48964fce4f65f8b280b08896750f049e0f86462c3ef8cb6b
Score

10^/10

azorult infostealer trojan discovery spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultdiscoveryinfostealerspywaretrojan

© 2018-2024

Terms | Privacy