azorult | 3237df10a8553e3e68910681cd522310e4f8155775531adc6f5804e50e7192de | Triage

Sharing

General

Target

Odeme Plani.exe
Size

750KB
Sample

210720-4rpat77w2e
MD5

687e87a06d051f3d2734d4cf800a9bc8
SHA1

e68adbed6f12b80c5e91452f5a1593ce9fa68a9f
SHA256

3237df10a8553e3e68910681cd522310e4f8155775531adc6f5804e50e7192de
SHA512

a13b2339722364146e3db09d4a930064b1f3aa3c4ba4e5f08fdc4eb261ed7e9ba8c549d9e2190638555a4a1f3c0a06dcb79e0419be560b5224a9ea6209697c47

Score

10^/10

azorult infostealer spyware stealer trojan

Malware Config

Extracted

Family

azorult

C2

http://2.56.59.45/index.php

Targets

- Target
  
  Odeme Plani.exe
- Size
  
  750KB
- MD5
  
  687e87a06d051f3d2734d4cf800a9bc8
- SHA1
  
  e68adbed6f12b80c5e91452f5a1593ce9fa68a9f
- SHA256
  
  3237df10a8553e3e68910681cd522310e4f8155775531adc6f5804e50e7192de
- SHA512
  
  a13b2339722364146e3db09d4a930064b1f3aa3c4ba4e5f08fdc4eb261ed7e9ba8c549d9e2190638555a4a1f3c0a06dcb79e0419be560b5224a9ea6209697c47
Score

10^/10

azorult infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealerspywarestealertrojan

behavioral2

azorultinfostealerspywarestealertrojan