azorult | c6971c3516ab280c7c6985ccc94062547116fcd3a7593fc84704030169c16e59 | Triage

Sharing

General

Target

invoice.scr
Size

356KB
Sample

210412-492esnvlms
MD5

0f62ad64933edb9e9a62124f8f965d8c
SHA1

56f858b120126d45e384da71cc198a4f8f87870f
SHA256

c6971c3516ab280c7c6985ccc94062547116fcd3a7593fc84704030169c16e59
SHA512

61e28fd209bbe5ee006e5afc751fe441a89d98ca2471139ff5c6f825af402b408d90d8fab8acf51116d09e6d4329220f6a24238f8bdd282711181cf6231c677e

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

https://sterline.lt/lokk/32/index.php

Targets

- Target
  
  invoice.scr
- Size
  
  356KB
- MD5
  
  0f62ad64933edb9e9a62124f8f965d8c
- SHA1
  
  56f858b120126d45e384da71cc198a4f8f87870f
- SHA256
  
  c6971c3516ab280c7c6985ccc94062547116fcd3a7593fc84704030169c16e59
- SHA512
  
  61e28fd209bbe5ee006e5afc751fe441a89d98ca2471139ff5c6f825af402b408d90d8fab8acf51116d09e6d4329220f6a24238f8bdd282711181cf6231c677e
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan