azorult | 723d9cc9705952d934ead57091edc2d07cde8a0384381e5f10e89cf994699e31

General

Target

723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Size

168KB
MD5

f68c49a6959e2e612e2429833f3e5c49
SHA1

acbeb4a89781b35affdc685090f044c6ae562318
SHA256

723d9cc9705952d934ead57091edc2d07cde8a0384381e5f10e89cf994699e31
SHA512

66a93b3de0ae89e9b4af626767710906e04052a198569cc65c393a9e9767bd7ed15353abf862084e2f2a0a8fad04f23c01c72b52bea141612d3480efbddad1e9

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://buterin-vitalik.fun/filomena/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\UpperFilters	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\LowerFilters	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\UpperFilters	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\LowerFilters	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe

description	pid	process
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
Token: SeLoadDriverPrivilege	500	723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe

C:\Users\Admin\AppData\Local\Temp\723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe
"C:\Users\Admin\AppData\Local\Temp\723D9CC9705952D934EAD57091EDC2D07CDE8A0384381.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:500

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/500-114-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing