General

  • Target

    88cc05b70c391a2c1ac1215bf9f2c09b7934015a9868c9467cb1801187bbf97b.exe

  • Size

    633KB

  • Sample

    210306-ye44lw7kdn

  • MD5

    a2c12e1cb2edc764a914e1bbb15ebddd

  • SHA1

    034711671b3390efae46fd94029f0386601a5b76

  • SHA256

    88cc05b70c391a2c1ac1215bf9f2c09b7934015a9868c9467cb1801187bbf97b

  • SHA512

    ab541504acacc3fad9a0d75777ef3935c0b50aaf0de92e8014d590c2dbaa5ead4d9ba048de303b50808b8cad0eab86fb07aeddf9895b2c7e9e679d25900a1e83

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://elovisboy.com/PL341/index.php

Targets

    • Target

      88cc05b70c391a2c1ac1215bf9f2c09b7934015a9868c9467cb1801187bbf97b.exe

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                       Count  ID
Execution             Scheduled Task                  1      T1053
Persistence           Scheduled Task                  1      T1053
Privilege Escalation  Scheduled Task                  1      T1053
Credential Access     Credentials in Files            4      T1081
Discovery             Query Registry                  2      T1012
Discovery             System Information Discovery    2      T1082
Collection            Data from Local System          4      T1005

Tasks