azorult | 08771952da5fb62c9beef87b189394b97f3e91935099fea54b822631a2b55cce | Triage

Submit
Reports

Overview

overview

Static

static

e-dekont.html.exe

windows7_x64

e-dekont.html.exe

windows10_x64

Sharing

General

Target

e-dekont.html.exe
Size

655KB
Sample

210106-nsjdjzv7zn
MD5

30e53fa2e0000113a30d3203b7ca54cc
SHA1

c8c0fceaeba9fe921c904054c9787dae109aedaa
SHA256

08771952da5fb62c9beef87b189394b97f3e91935099fea54b822631a2b55cce
SHA512

bd2e1b6b859de4ef0fcd2e538d4206cec1bcf9f5e2797307fb7ac8143adb340a9e3e2e7185355dcf2d48976bddeb3824b2ebaaf4dbaa58afe0f05c81c8faf7d4

Score

10^/10

azorult discovery infostealer persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

e-dekont.html.exe

Resource

win7v20201028

azorult discovery infostealer persistence spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e-dekont.html.exe

Resource

win10v20201028

azorult discovery infostealer persistence spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://blkgrupdoom.info/scgn/index.php

Targets

- Target
  
  e-dekont.html.exe
- Size
  
  655KB
- MD5
  
  30e53fa2e0000113a30d3203b7ca54cc
- SHA1
  
  c8c0fceaeba9fe921c904054c9787dae109aedaa
- SHA256
  
  08771952da5fb62c9beef87b189394b97f3e91935099fea54b822631a2b55cce
- SHA512
  
  bd2e1b6b859de4ef0fcd2e538d4206cec1bcf9f5e2797307fb7ac8143adb340a9e3e2e7185355dcf2d48976bddeb3824b2ebaaf4dbaa58afe0f05c81c8faf7d4
Score

10^/10

azorult discovery infostealer persistence spyware trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealerpersistencespywaretrojan

behavioral2

azorultdiscoveryinfostealerpersistencespywaretrojan

© 2018-2024

Terms | Privacy