Overview

overview

10

Static

static

59a667af9c...74.exe

windows7_x64

10

59a667af9c...74.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59a667af9c0979b64877b536a086fbb0173db3e9f41a6f983f25fdad398e9f74

  • Size

    755KB

  • Sample

    220701-d1qxhaabep

  • MD5

    eb404d19c327ea0dc70116c228feab12

  • SHA1

    2ab68a1528381888ea691aa9d97b243eaa0bf2c1

  • SHA256

    59a667af9c0979b64877b536a086fbb0173db3e9f41a6f983f25fdad398e9f74

  • SHA512

    f18b96996b183334f6dbf1d068107960872992072d1fc0dc9f2f2adddc8bb3e0b989e1de2f3c2294be6e125825290306ba24a8ff67e6ce1985b7ec4be5133453

Score
10/10
azorultinfostealerpersistencetrojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      59a667af9c0979b64877b536a086fbb0173db3e9f41a6f983f25fdad398e9f74

    • Size

      755KB

    • MD5

      eb404d19c327ea0dc70116c228feab12

    • SHA1

      2ab68a1528381888ea691aa9d97b243eaa0bf2c1

    • SHA256

      59a667af9c0979b64877b536a086fbb0173db3e9f41a6f983f25fdad398e9f74

    • SHA512

      f18b96996b183334f6dbf1d068107960872992072d1fc0dc9f2f2adddc8bb3e0b989e1de2f3c2294be6e125825290306ba24a8ff67e6ce1985b7ec4be5133453

    Score
    10/10
    azorultinfostealerpersistencetrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks