azorult | 456050b3b656fc30777d31163ef1677302f224c4d36bc43dff99ae91fec67d61 | Triage

Submit
Reports

Overview

overview

Static

static

mannzx.exe

windows7_x64

3

mannzx.exe

windows10_x64

Sharing

General

Target

mannzx.exe
Size

37KB
Sample

220314-ymactadghk
MD5

89acff9ec4590de79e9fb5c288f5adb0
SHA1

ceb8a931df9c18e5e555afabc92b2fbb0c9ab20a
SHA256

456050b3b656fc30777d31163ef1677302f224c4d36bc43dff99ae91fec67d61
SHA512

784191035890be46a75a64760c55004271451043f85f3422d8273d29e682adea05bb491014159a2def13fb8255a9cb5bd40d64f17bb15bda41b4c4ec4ab21a90

Score

10^/10

azorult collection infostealer spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

mannzx.exe

Resource

win7-20220311-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mannzx.exe

Resource

win10-20220223-en

azorult collection infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://85.202.169.121/mann/index.php

Targets

- Target
  
  mannzx.exe
- Size
  
  37KB
- MD5
  
  89acff9ec4590de79e9fb5c288f5adb0
- SHA1
  
  ceb8a931df9c18e5e555afabc92b2fbb0c9ab20a
- SHA256
  
  456050b3b656fc30777d31163ef1677302f224c4d36bc43dff99ae91fec67d61
- SHA512
  
  784191035890be46a75a64760c55004271451043f85f3422d8273d29e682adea05bb491014159a2def13fb8255a9cb5bd40d64f17bb15bda41b4c4ec4ab21a90
Score

10^/10

azorult collection infostealer spyware stealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- suricata: ET MALWARE AZORult v3.3 Server Response M2
  suricata: ET MALWARE AZORult v3.3 Server Response M2
  suricata
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M18
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M18
  suricata
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

azorultcollectioninfostealerspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy