azorult

General

Target

6fde608d09a5e7e56a520552502c856e.exe
Size

112KB
Sample

210428-sjl4pws5ce
MD5

6fde608d09a5e7e56a520552502c856e
SHA1

5af63513b171c72ebef58e68cb8c1d96c771b4e2
SHA256

7f2270d10eb36c07d9b7d52ca7e5e7a863db20902636441de143b90358eec19f
SHA512

9e2899f37bf297d6016aab6489f51ec78a08d1c4ea95d07aacfa873fef210db99fa3b5640ea9eb6a9fee625074156bcb860e0c4178090fa389b20b758c2a3c9e

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://bengalcement.com.bd/AxPu/index.php

Targets

- Target
  
  6fde608d09a5e7e56a520552502c856e.exe
- Size
  
  112KB
- MD5
  
  6fde608d09a5e7e56a520552502c856e
- SHA1
  
  5af63513b171c72ebef58e68cb8c1d96c771b4e2
- SHA256
  
  7f2270d10eb36c07d9b7d52ca7e5e7a863db20902636441de143b90358eec19f
- SHA512
  
  9e2899f37bf297d6016aab6489f51ec78a08d1c4ea95d07aacfa873fef210db99fa3b5640ea9eb6a9fee625074156bcb860e0c4178090fa389b20b758c2a3c9e
Score

10^/10

azorult discovery infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

5

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

5

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads data files stored by FTP clients

Reads local data of messenger clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2