azorult | 4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2 | Triage

Sharing

General

Target

4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2
Size

1.9MB
Sample

210509-5d4ythap7e
MD5

be2de5463fff77d33317c926421ba040
SHA1

eea7d85b92d2a2c1fda03364882be19703484ba8
SHA256

4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2
SHA512

bc60e5ae5de7dd13280d39c515065e9b70aaec0a06a7571e38ac2055648f33058e8cdcd2eba1a569b5e60edcbae2d913ff542c6d3571b6d49879ea0f59729fc4

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://work.wrklantc.in:9050/_az/

Targets

- Target
  
  4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2
- Size
  
  1.9MB
- MD5
  
  be2de5463fff77d33317c926421ba040
- SHA1
  
  eea7d85b92d2a2c1fda03364882be19703484ba8
- SHA256
  
  4eaee1f695e6c1b2d9313e2e25796206f3e516a5492318c7309de0e7718d67c2
- SHA512
  
  bc60e5ae5de7dd13280d39c515065e9b70aaec0a06a7571e38ac2055648f33058e8cdcd2eba1a569b5e60edcbae2d913ff542c6d3571b6d49879ea0f59729fc4
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan