azorult | 3ccae8f9aec35c295f38fc346da2eddedaa3d21ee5dbeb6c5ebd357700e2e72c | Triage

Sharing

General

Target

3ccae8f9aec35c295f38fc346da2eddedaa3d21ee5dbeb6c5ebd357700e2e72c
Size

836KB
Sample

220703-fzj4nsadb6
MD5

bab64cf036bc9fd6cc8af20bda3f12e3
SHA1

82d47ceefe73b819b0c3dc50460086c090846241
SHA256

3ccae8f9aec35c295f38fc346da2eddedaa3d21ee5dbeb6c5ebd357700e2e72c
SHA512

ce2f52c4f48c13ac6085446f2089d1668a2c8db136a7b821c6de20791e5f09b7a02db06c2f5333cd365e7235219f4a3edf5f4993a8d56ee25a8a18bd460fd846

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://37.72.175.157:8080/chi/index.php

Targets

- Target
  
  3ccae8f9aec35c295f38fc346da2eddedaa3d21ee5dbeb6c5ebd357700e2e72c
- Size
  
  836KB
- MD5
  
  bab64cf036bc9fd6cc8af20bda3f12e3
- SHA1
  
  82d47ceefe73b819b0c3dc50460086c090846241
- SHA256
  
  3ccae8f9aec35c295f38fc346da2eddedaa3d21ee5dbeb6c5ebd357700e2e72c
- SHA512
  
  ce2f52c4f48c13ac6085446f2089d1668a2c8db136a7b821c6de20791e5f09b7a02db06c2f5333cd365e7235219f4a3edf5f4993a8d56ee25a8a18bd460fd846
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan