Overview

overview

10

Static

static

f31e2c4dd2...a2.exe

windows7_x64

10

f31e2c4dd2...a2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f31e2c4dd2e32c2c3d1cab973485593a474d8ffad44e759970e536aebacc46a2.exe

  • Size

    704KB

  • Sample

    220514-q5m3macddp

  • MD5

    1549d8ec14f63627d2dea3dca3943f5f

  • SHA1

    6f4827f6e0d867224e8fa2233942d6584bd24039

  • SHA256

    f31e2c4dd2e32c2c3d1cab973485593a474d8ffad44e759970e536aebacc46a2

  • SHA512

    c5a84831c513af5cc2d8b7e6c7ee697c0f624a2a5d6dfe119d63631dee82a01fa3ce61b7ed7287dfa50cfa2fea8e35b29f0ee7bdb5345e791412ab1a3262e74e

Score
10/10
azorultcollectiondiscoveryinfostealerspywarestealersuricatatrojan

Malware Config

Extracted

Family

azorult

C2

http://85.202.169.147/index.php

Targets

    • Target

      f31e2c4dd2e32c2c3d1cab973485593a474d8ffad44e759970e536aebacc46a2.exe

    • Size

      704KB

    • MD5

      1549d8ec14f63627d2dea3dca3943f5f

    • SHA1

      6f4827f6e0d867224e8fa2233942d6584bd24039

    • SHA256

      f31e2c4dd2e32c2c3d1cab973485593a474d8ffad44e759970e536aebacc46a2

    • SHA512

      c5a84831c513af5cc2d8b7e6c7ee697c0f624a2a5d6dfe119d63631dee82a01fa3ce61b7ed7287dfa50cfa2fea8e35b29f0ee7bdb5345e791412ab1a3262e74e

    Score
    10/10
    azorultcollectiondiscoveryinfostealerspywarestealersuricatatrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • suricata: ET MALWARE AZORult Variant.4 Checkin M2

      suricata: ET MALWARE AZORult Variant.4 Checkin M2

      suricata

    • suricata: ET MALWARE AZORult v3.2 Server Response M3

      suricata: ET MALWARE AZORult v3.2 Server Response M3

      suricata

    • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M14

      suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M14

      suricata

    • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4

      suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4

      suricata

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks