azorult | 9cbcdec6b8050a81720597c76e29fb7c89fc12dce7eb26a68ab8542235824aca | Triage

Submit
Reports

Overview

overview

Static

static

9cbcdec6b8...ca.exe

windows7_x64

9cbcdec6b8...ca.exe

windows10-2004_x64

Sharing

General

Target

9cbcdec6b8050a81720597c76e29fb7c89fc12dce7eb26a68ab8542235824aca.exe
Size

449KB
Sample

220521-yh1dfagccr
MD5

0df353bc1f264422bdb2ecf1a1ad30b6
SHA1

8e926f65c2a5fc9afea2d49ae04a25845515c37a
SHA256

9cbcdec6b8050a81720597c76e29fb7c89fc12dce7eb26a68ab8542235824aca
SHA512

9c1103d252808264453c018a012c45c07fdbc71cedbc44cfb0620a134106e445084ed28a6feb80e8de46442affc4c32ce28c2807d118b7c73a0687e05444477c

Score

10^/10

azorult infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

9cbcdec6b8050a81720597c76e29fb7c89fc12dce7eb26a68ab8542235824aca.exe

Resource

win7-20220414-en

azorult infostealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9cbcdec6b8050a81720597c76e29fb7c89fc12dce7eb26a68ab8542235824aca.exe

Resource

win10v2004-20220414-en

azorult infostealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://5gw4d.xyz/PL341/index.php

Targets

- Target
  
  9cbcdec6b8050a81720597c76e29fb7c89fc12dce7eb26a68ab8542235824aca.exe
- Size
  
  449KB
- MD5
  
  0df353bc1f264422bdb2ecf1a1ad30b6
- SHA1
  
  8e926f65c2a5fc9afea2d49ae04a25845515c37a
- SHA256
  
  9cbcdec6b8050a81720597c76e29fb7c89fc12dce7eb26a68ab8542235824aca
- SHA512
  
  9c1103d252808264453c018a012c45c07fdbc71cedbc44cfb0620a134106e445084ed28a6feb80e8de46442affc4c32ce28c2807d118b7c73a0687e05444477c
Score

10^/10

azorult infostealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M15
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M15
  suricata
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M6
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M6
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealersuricatatrojan

behavioral2

azorultinfostealersuricatatrojan

© 2018-2024

Terms | Privacy