azorult | ada40662f6169f8784e227329378bb07770ccbfcbef2583ceadea68fb2b13639 | Triage

Submit
Reports

Overview

overview

Static

static

ada40662f6...39.exe

windows7_x64

ada40662f6...39.exe

windows10-2004_x64

Sharing

General

Target

ada40662f6169f8784e227329378bb07770ccbfcbef2583ceadea68fb2b13639
Size

3.3MB
Sample

220701-eagrkscdh6
MD5

cd3025f14f2f0415c73971d279b353b5
SHA1

ad77e018e6a6f628606c4b5a9cabf3fe7c953bee
SHA256

ada40662f6169f8784e227329378bb07770ccbfcbef2583ceadea68fb2b13639
SHA512

7a4e85b9c28b06eb681ecbdb9cea7816924299080914dbdd3b1e372ae94d2dcc11694ca281944c177706c2e9b75ff644e41105ca2b97f0cfd7ea624d64c340ae

Score

10^/10

azorult kpot discovery infostealer stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ada40662f6169f8784e227329378bb07770ccbfcbef2583ceadea68fb2b13639.exe

Resource

win7-20220414-en

azorult kpot discovery infostealer stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ada40662f6169f8784e227329378bb07770ccbfcbef2583ceadea68fb2b13639.exe

Resource

win10v2004-20220414-en

azorult kpot discovery infostealer stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://217.8.117.24/FF621070-FFBC-431C-A6E3-E1BEAD7A3F09/index.php

Targets

- Target
  
  ada40662f6169f8784e227329378bb07770ccbfcbef2583ceadea68fb2b13639
- Size
  
  3.3MB
- MD5
  
  cd3025f14f2f0415c73971d279b353b5
- SHA1
  
  ad77e018e6a6f628606c4b5a9cabf3fe7c953bee
- SHA256
  
  ada40662f6169f8784e227329378bb07770ccbfcbef2583ceadea68fb2b13639
- SHA512
  
  7a4e85b9c28b06eb681ecbdb9cea7816924299080914dbdd3b1e372ae94d2dcc11694ca281944c177706c2e9b75ff644e41105ca2b97f0cfd7ea624d64c340ae
Score

10^/10

azorult kpot discovery infostealer stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultkpotdiscoveryinfostealerstealertrojan

behavioral2

azorultkpotdiscoveryinfostealerstealertrojan

© 2018-2024

Terms | Privacy