azorult | 8663741827394c721f03ce58544426d2a96f01f20ead691c447c539929ef5942 | Triage

Sharing

General

Target

8663741827394c721f03ce58544426d2a96f01f20ead691c447c539929ef5942
Size

665KB
Sample

220701-ekvfeschh9
MD5

d8ce5db24833f558ba1c47e2d59763ad
SHA1

eb83dfb07623cde725f8d71e2af801473996624f
SHA256

8663741827394c721f03ce58544426d2a96f01f20ead691c447c539929ef5942
SHA512

8b3240520676386863f504ae97637ade34fd2f76de469c68b1827357d9e4b252e039894948cdbf94afbf6155ca6ea215d9f309381673933d9ca101f2b6b32dea

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://jatkit.ga/h0l/index.php

Targets

- Target
  
  8663741827394c721f03ce58544426d2a96f01f20ead691c447c539929ef5942
- Size
  
  665KB
- MD5
  
  d8ce5db24833f558ba1c47e2d59763ad
- SHA1
  
  eb83dfb07623cde725f8d71e2af801473996624f
- SHA256
  
  8663741827394c721f03ce58544426d2a96f01f20ead691c447c539929ef5942
- SHA512
  
  8b3240520676386863f504ae97637ade34fd2f76de469c68b1827357d9e4b252e039894948cdbf94afbf6155ca6ea215d9f309381673933d9ca101f2b6b32dea
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan