Overview

overview

10

Static

static

8d1b830b2d...a2.exe

windows7_x64

10

8d1b830b2d...a2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8d1b830b2dda89393dfb738e94f50ccdc80cc27067a70df9fc235d13deb36fa2

  • Size

    3.3MB

  • Sample

    210516-p6lbakz4px

  • MD5

    a2e9f04fd2ce09694073d43ac62a5d0e

  • SHA1

    e98853e3512694b13425b82646cd2e869bae31bb

  • SHA256

    8d1b830b2dda89393dfb738e94f50ccdc80cc27067a70df9fc235d13deb36fa2

  • SHA512

    ca413738e4404368d05c0ceaf351c8de9f33189ec8821635211e3c35896265542911b4cedaf6caf988ab9f4d21c5781df1384c4c8219edcc54e921dee50b6732

Score
10/10
azorultdiscoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://92.63.192.72/index.php

Targets

    • Target

      8d1b830b2dda89393dfb738e94f50ccdc80cc27067a70df9fc235d13deb36fa2

    • Size

      3.3MB

    • MD5

      a2e9f04fd2ce09694073d43ac62a5d0e

    • SHA1

      e98853e3512694b13425b82646cd2e869bae31bb

    • SHA256

      8d1b830b2dda89393dfb738e94f50ccdc80cc27067a70df9fc235d13deb36fa2

    • SHA512

      ca413738e4404368d05c0ceaf351c8de9f33189ec8821635211e3c35896265542911b4cedaf6caf988ab9f4d21c5781df1384c4c8219edcc54e921dee50b6732

    Score
    10/10
    azorultdiscoveryinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks