azorult | fa52f6c74b2884f576b63574bf61b775cf3bc52b5290e8f9302ec88b41240724 | Triage

Sharing

General

Target

fa52f6c74b2884f576b63574bf61b775cf3bc52b5290e8f9302ec88b41240724
Size

1.2MB
Sample

210515-lqeqf4yar2
MD5

3f54eae33e738e6ee1586cd8999408ed
SHA1

6bf9c6a7e6da2be5c1c4ed5070c8b383fa474d51
SHA256

fa52f6c74b2884f576b63574bf61b775cf3bc52b5290e8f9302ec88b41240724
SHA512

5076410a999d637297b4d6837e60059993be74c3a8460466ba7ba21943d904495602de551373739cad98dcc33494fea648a7ad6f5477d2cb13aac13c6873bbc8

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://abscete.info/rnest/index.php

Targets

- Target
  
  fa52f6c74b2884f576b63574bf61b775cf3bc52b5290e8f9302ec88b41240724
- Size
  
  1.2MB
- MD5
  
  3f54eae33e738e6ee1586cd8999408ed
- SHA1
  
  6bf9c6a7e6da2be5c1c4ed5070c8b383fa474d51
- SHA256
  
  fa52f6c74b2884f576b63574bf61b775cf3bc52b5290e8f9302ec88b41240724
- SHA512
  
  5076410a999d637297b4d6837e60059993be74c3a8460466ba7ba21943d904495602de551373739cad98dcc33494fea648a7ad6f5477d2cb13aac13c6873bbc8
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan