azorult | 2084b62c05ac13dfa48fde86f237473d35f3f169c030b829ceb49f3005b6451c | Triage

Submit
Reports

Overview

overview

Static

static

IMG_767893434432.scr

windows7_x64

IMG_767893434432.scr

windows10_x64

Sharing

General

Target

IMG_767893434432.scr
Size

360KB
Sample

210407-y4zax1my52
MD5

641e970f32447644bd26570d3be688a1
SHA1

fb4aac120c7d4543326e06f1438a570a62524b86
SHA256

2084b62c05ac13dfa48fde86f237473d35f3f169c030b829ceb49f3005b6451c
SHA512

6b89cb2faa64a2345a61792c5ac577b73aa11d9072185ab2f31a2b61a5c1d68784cf85d5702941ba5ef9c5bd8f82cb53113906a4e437cb7648e307d043904bbe

Score

10^/10

azorult discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IMG_767893434432.scr

Resource

win7v20201028

azorult infostealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG_767893434432.scr

Resource

win10v20201028

azorult discovery infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

https://sterline.lt/lokk/32/index.php

Targets

- Target
  
  IMG_767893434432.scr
- Size
  
  360KB
- MD5
  
  641e970f32447644bd26570d3be688a1
- SHA1
  
  fb4aac120c7d4543326e06f1438a570a62524b86
- SHA256
  
  2084b62c05ac13dfa48fde86f237473d35f3f169c030b829ceb49f3005b6451c
- SHA512
  
  6b89cb2faa64a2345a61792c5ac577b73aa11d9072185ab2f31a2b61a5c1d68784cf85d5702941ba5ef9c5bd8f82cb53113906a4e437cb7648e307d043904bbe
Score

10^/10

azorult infostealer trojan discovery spyware stealer
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultdiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy