azorult | a0b1de4908b9d668c9ad3c734d7f11b5369f297231718440deecae1b1d9e4870 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...20.exe

windows7_x64

Purchase O...20.exe

windows10-2004_x64

Sharing

General

Target

a0b1de4908b9d668c9ad3c734d7f11b5369f297231718440deecae1b1d9e4870
Size

231KB
Sample

220521-nxxwraece2
MD5

3ebc187d073e932c450ee9dd7680953c
SHA1

8eb3e4f42b0c45f1b008edfe8ece8b2d7e87a50f
SHA256

a0b1de4908b9d668c9ad3c734d7f11b5369f297231718440deecae1b1d9e4870
SHA512

70c405a8e5a0abe72c9fba283864d02b56fc260990a0adc2635f85ae8869ed0069cada2c3dd0e7099d82e0bdbe75ef83dbe5756b482eeb0c9f9cf2b885f68fe2

Score

10^/10

azorult infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order 07-01-20.exe

Resource

win7-20220414-en

azorult infostealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order 07-01-20.exe

Resource

win10v2004-20220414-en

azorult infostealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

https://www.nirjhara.com/mine/32/index.php

Targets

- Target
  
  Purchase Order 07-01-20.exe
- Size
  
  286KB
- MD5
  
  cd7a513f32868e1b03028bbf13a92675
- SHA1
  
  f5e67231dabb339e227c25a0932a73ce07415b8c
- SHA256
  
  17436415138275ac49267782ae030b0919869d022f381ceec283b2838836c92f
- SHA512
  
  00e427f401340edbc34d1bc14fe9089de142beb723499380f6a6c4559859714a4e28ed28c460f52243164cc1a6aa391c9fa6223dd8c20d4aabf2a4ec7b5dbaaf
Score

10^/10

azorult infostealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- suricata: ET MALWARE AZORult Variant.4 Checkin M2
  suricata: ET MALWARE AZORult Variant.4 Checkin M2
  suricata
- suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M13
  suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M13
  suricata
- suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4
  suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealersuricatatrojan

behavioral2

azorultinfostealersuricatatrojan

© 2018-2024

Terms | Privacy