azorult | fe117521cd5f1653cebc4d6a3bfd85dfd273e4df7d8e0204205779a951e421bc | Triage

Submit
Reports

Overview

overview

Static

static

Dekont.pdf.exe

windows7_x64

Dekont.pdf.exe

windows10_x64

Sharing

General

Target

Dekont.pdf.exe
Size

410KB
Sample

210107-kv3xcynav2
MD5

0127bfef7d4408d3384e5792da7384d0
SHA1

261532f47c7467e35b1b6d405c1a0748182f768f
SHA256

fe117521cd5f1653cebc4d6a3bfd85dfd273e4df7d8e0204205779a951e421bc
SHA512

74a09f8a1712ef8b04b2d0664152f163a1e1a819f7ba2670d61d21646ce17e3e297a5f54cc24f6a98d768f1a5ec526877264278e6356cde11fc324102a2d317d

Score

10^/10

azorult discovery infostealer persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Dekont.pdf.exe

Resource

win7v20201028

azorult discovery infostealer persistence spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Dekont.pdf.exe

Resource

win10v20201028

azorult discovery infostealer persistence spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://blkgrupdoom.info/scgn/index.php

Targets

- Target
  
  Dekont.pdf.exe
- Size
  
  410KB
- MD5
  
  0127bfef7d4408d3384e5792da7384d0
- SHA1
  
  261532f47c7467e35b1b6d405c1a0748182f768f
- SHA256
  
  fe117521cd5f1653cebc4d6a3bfd85dfd273e4df7d8e0204205779a951e421bc
- SHA512
  
  74a09f8a1712ef8b04b2d0664152f163a1e1a819f7ba2670d61d21646ce17e3e297a5f54cc24f6a98d768f1a5ec526877264278e6356cde11fc324102a2d317d
Score

10^/10

azorult discovery infostealer persistence spyware trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealerpersistencespywaretrojan

behavioral2

azorultdiscoveryinfostealerpersistencespywaretrojan

© 2018-2024

Terms | Privacy