azorult | 1c1676e9f150f9bcaef690dc9c7042930ee33678fb02b24fb649a320df0c5d16 | Triage

Submit
Reports

Overview

overview

Static

static

ﱞﱞﱞ�...ﱞﱞ

windows10_x64

ﱞﱞﱞ�...ฺฺ

windows10_x64

ﱞﱞﱞ�...ﱞﱞ

windows10_x64

1

ﱞﱞﱞ�...ﱞﱞ

windows10_x64

1

ﱞﱞﱞ�...ﱞﱞ

windows7_x64

1

Sharing

General

Target

Photozoom.Pro.5.5.0.2.v.5.0.2.serial.code.maker.zip
Size

4.7MB
Sample

210408-7mqrxm55rs
MD5

6f6c0e2a28407df884b774179447b486
SHA1

7c8b68d9b6113a887f17768d941d4ac7d2cccfea
SHA256

1c1676e9f150f9bcaef690dc9c7042930ee33678fb02b24fb649a320df0c5d16
SHA512

1f33c591b3b6a7b88c794795d63b998f4570b6b2b8a1718b48c29e80fd38a6aaa42b09bd2db7c573cc2bf23bb35d485a6ea89c8d7e6fddec8882845a0ba2f1ee

Score

10^/10

azorult discovery evasion infostealer persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Photozoom.Pro.5.5.0.2.v.5.0.2.serial.code.maker.exe

Resource

win10v20201028

azorult discovery evasion infostealer persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Photozoom.Pro.5.5.0.2.v.5.0.2.serial.code.maker.exe

Resource

win10v20201028

azorult discovery evasion infostealer persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Photozoom.Pro.5.5.0.2.v.5.0.2.serial.code.maker.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

Photozoom.Pro.5.5.0.2.v.5.0.2.serial.code.maker.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

Photozoom.Pro.5.5.0.2.v.5.0.2.serial.code.maker.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://kvaka.li/1210776429.php

Targets

- Target
  
  Photozoom.Pro.5.5.0.2.v.5.0.2.serial.code.maker.exe
- Size
  
  4.8MB
- MD5
  
  61e0e846e4a326fbe9f8cb873d644c6a
- SHA1
  
  a7fd6f5772d2a594972919743651c25309d7e622
- SHA256
  
  548af4c5f5e7897cca22f8f1629a06788d05c0ca9df90d4bc034a105ae5c875c
- SHA512
  
  2a064775995677be01ce0924431a8823dc767868ddf8a219cccf87af206f295868c7edb54e2304b84c9e50849438df5fa085081c1b5f277f3c405adbdeb5965c
Score

10^/10

azorult discovery evasion infostealer persistence spyware stealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

azorultdiscoveryevasioninfostealerpersistencespywarestealertrojanupx

behavioral2

azorultdiscoveryevasioninfostealerpersistencespywarestealertrojanupx

behavioral3

behavioral4

behavioral5

© 2018-2024

Terms | Privacy