azorult | d50c0940cc8fbd9191605300ba3d46b37fca50e66bae3e498f8db1d69765c324 | Triage

Submit
Reports

Overview

overview

Static

static

1

TRF556.exe

windows7_x64

TRF556.exe

windows10_x64

Sharing

General

Target

TRF556.r19
Size

140KB
Sample

210407-b8kz1k438a
MD5

e5a4b3f7b6aa1dd46d1ba0ebda16b1b2
SHA1

8d7c72fc42ad866a1e71704443e386dba3b7a114
SHA256

d50c0940cc8fbd9191605300ba3d46b37fca50e66bae3e498f8db1d69765c324
SHA512

8e7c2c8f1a3e2d815bfbd23ff91fa466fe74e3a8709407e4361d84ef5825acec1a314ec0bd97d65c1ca62386db855557e9a2a93c45e915c7a1fa7d73b3a31410

Score

10^/10

azorult infostealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TRF556.exe

Resource

win7v20201028

azorult infostealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TRF556.exe

Resource

win10v20201028

azorult infostealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://staging.onyxa.pl/XyuTr/index.php

Targets

- Target
  
  TRF556.exe
- Size
  
  151KB
- MD5
  
  176a4c87caf897d3f61d61982d15cc3f
- SHA1
  
  ae7929d20aa539f2cb335da583e65c34ebc8570e
- SHA256
  
  e1cd2c612de575de87de7747c4efe1235d5e5011beb913666ed449031fcf98da
- SHA512
  
  feef09d6755d95def859dbd48624305ea4bc1b7574d1c5f177376d683bbb65618938a098ae70a4f0acd4619b96d17d7f52040796a250d329a5c3c171fa55a66b
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy