azorult | 902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75 | Triage

Submit
Reports

Overview

overview

Static

static

902803aaac...75.exe

windows7_x64

902803aaac...75.exe

windows10_x64

Sharing

General

Target

902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75
Size

2.0MB
Sample

210508-ql3pjnjqva
MD5

b3440009f3da8d254ef59e62a3121d7b
SHA1

6da1cdea93f60b4c93004968a4d48108a741b77e
SHA256

902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75
SHA512

a890e8e35834b96d9996ecabf5ad3787a51d4a093cd398295c27de57e5cda3f53926e60402e1e2d003f37a8af8b3a0c8db8cdc7607b075c1e05bde60142d90e6

Score

10^/10

azorult infostealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75.exe

Resource

win7v20210408

azorult infostealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75.exe

Resource

win10v20210408

azorult infostealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://0x21.in:8000/_az/

Targets

- Target
  
  902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75
- Size
  
  2.0MB
- MD5
  
  b3440009f3da8d254ef59e62a3121d7b
- SHA1
  
  6da1cdea93f60b4c93004968a4d48108a741b77e
- SHA256
  
  902803aaacbc4c038c296d451453bfa2986aa78e079a89278dfd779b95564c75
- SHA512
  
  a890e8e35834b96d9996ecabf5ad3787a51d4a093cd398295c27de57e5cda3f53926e60402e1e2d003f37a8af8b3a0c8db8cdc7607b075c1e05bde60142d90e6
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy