azorult | d4a20038f6fa3073ed4b293f8bfd65372f77460f91fa5af61938911cb635b3ab | Triage

Submit
Reports

Overview

overview

Static

static

d4a20038f6...ab.msi

windows7_x64

d4a20038f6...ab.msi

windows10-2004_x64

6

Sharing

General

Target

d4a20038f6fa3073ed4b293f8bfd65372f77460f91fa5af61938911cb635b3ab
Size

672KB
Sample

220701-ex4jvsdef9
MD5

d41b33caefb8ca5c050ce49a96a3ea48
SHA1

8df543692937630bbb26481ed22ce5f384663295
SHA256

d4a20038f6fa3073ed4b293f8bfd65372f77460f91fa5af61938911cb635b3ab
SHA512

94fd95c1a6e2d4ffb09d141666d00ab00434434ed1885036fed98b7c25f553e91d2448580bbc2b33ae2e9cb6b5420c3358ec68bd848514da10e2054cc1cc645e

Score

10^/10

azorult infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

d4a20038f6fa3073ed4b293f8bfd65372f77460f91fa5af61938911cb635b3ab.msi

Resource

win7-20220414-en

azorult infostealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d4a20038f6fa3073ed4b293f8bfd65372f77460f91fa5af61938911cb635b3ab.msi

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://aglfreight.com.my/inc/js/jstree/biu/index.php

Targets

- Target
  
  d4a20038f6fa3073ed4b293f8bfd65372f77460f91fa5af61938911cb635b3ab
- Size
  
  672KB
- MD5
  
  d41b33caefb8ca5c050ce49a96a3ea48
- SHA1
  
  8df543692937630bbb26481ed22ce5f384663295
- SHA256
  
  d4a20038f6fa3073ed4b293f8bfd65372f77460f91fa5af61938911cb635b3ab
- SHA512
  
  94fd95c1a6e2d4ffb09d141666d00ab00434434ed1885036fed98b7c25f553e91d2448580bbc2b33ae2e9cb6b5420c3358ec68bd848514da10e2054cc1cc645e
Score

10^/10

azorult infostealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M6
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M6
  suricata
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy