azorult | 26edc51f1462e27dc2ce2ace7a966f90af24fbbaf33783b8e3da6c90b69a47af | Triage

Sharing

General

Target

26edc51f1462e27dc2ce2ace7a966f90af24fbbaf33783b8e3da6c90b69a47af.exe
Size

815KB
Sample

220514-q5qhraceal
MD5

8b119554697b74641365623d328fc499
SHA1

cfbd98f3983695adc20d4c4fdb08907a0941a6c5
SHA256

26edc51f1462e27dc2ce2ace7a966f90af24fbbaf33783b8e3da6c90b69a47af
SHA512

2fd9dbc4582b3bb4b44b09310f1ce881dc1d90dd3ccd3ca532959ac6dc7c7702a62d170d95143d41b38ea9e088451b405ee08e8d0934970d95665541381dab14

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://logger.cfd/swi341/index.php

Targets

- Target
  
  26edc51f1462e27dc2ce2ace7a966f90af24fbbaf33783b8e3da6c90b69a47af.exe
- Size
  
  815KB
- MD5
  
  8b119554697b74641365623d328fc499
- SHA1
  
  cfbd98f3983695adc20d4c4fdb08907a0941a6c5
- SHA256
  
  26edc51f1462e27dc2ce2ace7a966f90af24fbbaf33783b8e3da6c90b69a47af
- SHA512
  
  2fd9dbc4582b3bb4b44b09310f1ce881dc1d90dd3ccd3ca532959ac6dc7c7702a62d170d95143d41b38ea9e088451b405ee08e8d0934970d95665541381dab14
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan