Description
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
1bdc2e52d60b1151283603fe143af888d5a9fb08a40cdac27007a3e762a2263b.exe
General
Target
Size
Sample
1bdc2e52d60b1151283603fe143af888d5a9fb08a40cdac27007a3e762a2263b.exe
754KB
201119-1pvr2mmdca
Score
10 /10
MD5
SHA1
SHA256
SHA512
4b1d970808aa7e726afe96ece1c8735e
5081f80c5ff8acb2fa7c2be9297a7a13184e901d
1bdc2e52d60b1151283603fe143af888d5a9fb08a40cdac27007a3e762a2263b
5cc250c0116d0eeb0b9cfe98dab7f91b0331e2d15065fa5f97663f5a2cabb0bd419a18e9b7c17bd3d727fe9c8eb5f11e9b858b205abea0486f55a3b1fe70bd2c
Malware Config
Extracted
| Family | azorult |
| C2 |
http://52.58.209.130/index.php |
Targets
Target
MD5
Filesize
1bdc2e52d60b1151283603fe143af888d5a9fb08a40cdac27007a3e762a2263b.exe
4b1d970808aa7e726afe96ece1c8735e
754KB
Score
10 /10
SHA1
SHA256
SHA512
5081f80c5ff8acb2fa7c2be9297a7a13184e901d
1bdc2e52d60b1151283603fe143af888d5a9fb08a40cdac27007a3e762a2263b
5cc250c0116d0eeb0b9cfe98dab7f91b0331e2d15065fa5f97663f5a2cabb0bd419a18e9b7c17bd3d727fe9c8eb5f11e9b858b205abea0486f55a3b1fe70bd2c
Tags
Signatures
-
Azorult
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
JavaScript code in executable
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks