azorult | 9fd1b6bb492b8ddf71e4dd57561772160e28de0c7dc10257ce3c6d6c1e506f76 | Triage

Sharing

General

Target

9fd1b6bb492b8ddf71e4dd57561772160e28de0c7dc10257ce3c6d6c1e506f76
Size

1.9MB
Sample

210508-2k5391ta9s
MD5

adac3b4cb7f7e8280652146c5893afda
SHA1

841a987a4ea28e602fcde17494522544678eed25
SHA256

9fd1b6bb492b8ddf71e4dd57561772160e28de0c7dc10257ce3c6d6c1e506f76
SHA512

2264bf73d07f1a0b9501a6a648d0dc35265195542da882e79dcee6fae6797ed2f4cf0f6b74e38ede24e61ad4e70e95efd60110460d31fe9149500a61c2ddcf29

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://work.wrklantc.in:9050/_az/

Targets

- Target
  
  9fd1b6bb492b8ddf71e4dd57561772160e28de0c7dc10257ce3c6d6c1e506f76
- Size
  
  1.9MB
- MD5
  
  adac3b4cb7f7e8280652146c5893afda
- SHA1
  
  841a987a4ea28e602fcde17494522544678eed25
- SHA256
  
  9fd1b6bb492b8ddf71e4dd57561772160e28de0c7dc10257ce3c6d6c1e506f76
- SHA512
  
  2264bf73d07f1a0b9501a6a648d0dc35265195542da882e79dcee6fae6797ed2f4cf0f6b74e38ede24e61ad4e70e95efd60110460d31fe9149500a61c2ddcf29
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan