azorult | 383f832947919f6fd9a512ffd689a03c8f7cef4a328398038fe8df6a6d2bc6b1 | Triage

Submit
Reports

Overview

overview

Static

static

383f832947...b1.exe

windows7_x64

383f832947...b1.exe

windows10-2004_x64

Sharing

General

Target

383f832947919f6fd9a512ffd689a03c8f7cef4a328398038fe8df6a6d2bc6b1.exe
Size

454KB
Sample

220521-yh1dfadaf3
MD5

1110eca19c2168af0f48b86a91ff8548
SHA1

0dec58a4377ffd917efad69d6bc2e08f35ef8fce
SHA256

383f832947919f6fd9a512ffd689a03c8f7cef4a328398038fe8df6a6d2bc6b1
SHA512

ba08e8845e881b245f6ca339bb4858b9db90d6bb88e771f62567fbaeef58e4b19ad226f9ab681bed9c17d679bfca16f8d4dd013ef5a857cb3a6d0d99878f9b2c

Score

10^/10

azorult infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

383f832947919f6fd9a512ffd689a03c8f7cef4a328398038fe8df6a6d2bc6b1.exe

Resource

win7-20220414-en

azorult infostealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

383f832947919f6fd9a512ffd689a03c8f7cef4a328398038fe8df6a6d2bc6b1.exe

Resource

win10v2004-20220414-en

azorult infostealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://5gw4d.xyz/PL341/index.php

Targets

- Target
  
  383f832947919f6fd9a512ffd689a03c8f7cef4a328398038fe8df6a6d2bc6b1.exe
- Size
  
  454KB
- MD5
  
  1110eca19c2168af0f48b86a91ff8548
- SHA1
  
  0dec58a4377ffd917efad69d6bc2e08f35ef8fce
- SHA256
  
  383f832947919f6fd9a512ffd689a03c8f7cef4a328398038fe8df6a6d2bc6b1
- SHA512
  
  ba08e8845e881b245f6ca339bb4858b9db90d6bb88e771f62567fbaeef58e4b19ad226f9ab681bed9c17d679bfca16f8d4dd013ef5a857cb3a6d0d99878f9b2c
Score

10^/10

azorult infostealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M15
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M15
  suricata
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M4
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M4
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealersuricatatrojan

behavioral2

azorultinfostealersuricatatrojan

© 2018-2024

Terms | Privacy