azorult

General

Target

7a27a0d66d153c231f9dd703684ad2f563334c4bbb70d0030bc7b792aa808694
Size

144KB
Sample

220219-15xbeaegcq
MD5

2bf6a57fc257d6b165aa0bb3f6c92370
SHA1

4764cdefbb2eff301753429caa9c8b46d4a32a9d
SHA256

7a27a0d66d153c231f9dd703684ad2f563334c4bbb70d0030bc7b792aa808694
SHA512

4baae9d54327a536e3c93a43967e997e1e0f287ae63fe66c275b570f2afeba66b8c364ca7a469d32646e6ce314e03d64be6a4cda9818b103ba11af0741c21320

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://f0435401.xsph.ru/4rjkt4q3zs/2uyd5gi4e6h/w3d8yd.php

Targets

- Target
  
  7a27a0d66d153c231f9dd703684ad2f563334c4bbb70d0030bc7b792aa808694
- Size
  
  144KB
- MD5
  
  2bf6a57fc257d6b165aa0bb3f6c92370
- SHA1
  
  4764cdefbb2eff301753429caa9c8b46d4a32a9d
- SHA256
  
  7a27a0d66d153c231f9dd703684ad2f563334c4bbb70d0030bc7b792aa808694
- SHA512
  
  4baae9d54327a536e3c93a43967e997e1e0f287ae63fe66c275b570f2afeba66b8c364ca7a469d32646e6ce314e03d64be6a4cda9818b103ba11af0741c21320
Score

10^/10

azorult poullight infostealer stealer suricata trojan spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Poullight
  Poullight is an information stealer first seen in March 2020.
  trojan stealer poullight
- Poullight Stealer Payload
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M14
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M14
  suricata
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Poullight

Poullight Stealer Payload

suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M14

suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2