azorult | 08e0421fa353767d47c42eaab0169124626eb8e5ed4e801a0a279e93481aee96 | Triage

Submit
Reports

Overview

overview

Static

static

invoice.scr

windows7_x64

invoice.scr

windows10_x64

Sharing

General

Target

invoice.rar
Size

249KB
Sample

210413-nsfr4bnprx
MD5

28d602e477a1a91ff9050a82b164a01b
SHA1

7abbadc94e56730ba4ccaf61e53f48c0f09170c9
SHA256

08e0421fa353767d47c42eaab0169124626eb8e5ed4e801a0a279e93481aee96
SHA512

03113cab3ab56836969b536e01576925cf7fd23967246e93d89bcb5a3db4899e7e1605f1c46ca7fe4ebc4fbe006c9ecd5d67e08de78bc85e995f2b32227e8cb3

Score

10^/10

azorult discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

invoice.scr

Resource

win7v20210408

azorult infostealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice.scr

Resource

win10v20210408

azorult discovery infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

https://sterline.lt/lokk/32/index.php

Targets

- Target
  
  invoice.scr
- Size
  
  356KB
- MD5
  
  0f62ad64933edb9e9a62124f8f965d8c
- SHA1
  
  56f858b120126d45e384da71cc198a4f8f87870f
- SHA256
  
  c6971c3516ab280c7c6985ccc94062547116fcd3a7593fc84704030169c16e59
- SHA512
  
  61e28fd209bbe5ee006e5afc751fe441a89d98ca2471139ff5c6f825af402b408d90d8fab8acf51116d09e6d4329220f6a24238f8bdd282711181cf6231c677e
Score

10^/10

azorult infostealer trojan discovery spyware stealer
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultdiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy