azorult | b536109b12ec8997266a6c403c538ebbe5fcb6f148920cd3441d777585d6a2ff | Triage

Submit
Reports

Overview

overview

Static

static

Corona-vir...in.exe

windows7_x64

Corona-vir...in.exe

windows10_x64

Sharing

General

Target

200303-9d7lv2sqve_pw_infected.zip
Size

2.8MB
Sample

201123-ztvclwj7dx
MD5

f40b7564a4d2e78157396342c2266260
SHA1

d02fd117a7cf5b72fe458a425682a92030c2bc7c
SHA256

b536109b12ec8997266a6c403c538ebbe5fcb6f148920cd3441d777585d6a2ff
SHA512

bec212a51a7f36f293568052c3b11f11502a81dc9ae02b014b32efcb5f6dfba9a13fab9472f7fa5da989975d374ac72a617f7e85ce5a62d73f4e34dbc5e78ecb

Score

10^/10

azorult discovery evasion infostealer spyware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Corona-virus-Map.com.bin.exe

Resource

win7v20201028

azorult discovery evasion infostealer spyware trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Corona-virus-Map.com.bin.exe

Resource

win10v20201028

azorult discovery evasion infostealer spyware trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://coronavirusstatus.space/index.php

Targets

- Target
  
  Corona-virus-Map.com.bin
- Size
  
  3.3MB
- MD5
  
  73da2c02c6f8bfd4662dc84820dcd983
- SHA1
  
  949b69bf87515ad8945ce9a79f68f8b788c0ae39
- SHA256
  
  2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307
- SHA512
  
  43daa65bc057abc5e07b909eb71361c8488863c7c8a4a271b426b06cb8c16d3f7db8e66051627a50d392ff088cd619e00a7ac075454dccf901a4271251c9c6e3
Score

10^/10

azorult discovery evasion infostealer spyware trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultdiscoveryevasioninfostealerspywaretrojanupx

behavioral2

azorultdiscoveryevasioninfostealerspywaretrojanupx

© 2018-2024

Terms | Privacy