azorult | 3bb9961490c803b6ff20959ab0c6b9c51863fd1c07b1778045a735d89e7e7287 | Triage

Submit
Reports

Overview

overview

Static

static

3bb9961490...87.exe

windows7_x64

3bb9961490...87.exe

windows10-2004_x64

Sharing

General

Target

3bb9961490c803b6ff20959ab0c6b9c51863fd1c07b1778045a735d89e7e7287
Size

3.3MB
Sample

220703-lvjv1aecan
MD5

4ce9eaf299a37158cf09d0e6847f27d5
SHA1

80fde74e771a40c4edc876cdd7f77be11ebed28f
SHA256

3bb9961490c803b6ff20959ab0c6b9c51863fd1c07b1778045a735d89e7e7287
SHA512

70e20c4326784cf8071817688f8166dd024e869e9faa04af644a4bd4b44b079d0036024bc2db84e3487c0823342ef8362a9a2ccd3c1cf51343e6f4e52ce91f50

Score

10^/10

azorult discovery infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

3bb9961490c803b6ff20959ab0c6b9c51863fd1c07b1778045a735d89e7e7287.exe

Resource

win7-20220414-en

azorult discovery infostealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3bb9961490c803b6ff20959ab0c6b9c51863fd1c07b1778045a735d89e7e7287.exe

Resource

win10v2004-20220414-en

azorult discovery infostealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

http://92.63.192.72/index.php

Targets

- Target
  
  3bb9961490c803b6ff20959ab0c6b9c51863fd1c07b1778045a735d89e7e7287
- Size
  
  3.3MB
- MD5
  
  4ce9eaf299a37158cf09d0e6847f27d5
- SHA1
  
  80fde74e771a40c4edc876cdd7f77be11ebed28f
- SHA256
  
  3bb9961490c803b6ff20959ab0c6b9c51863fd1c07b1778045a735d89e7e7287
- SHA512
  
  70e20c4326784cf8071817688f8166dd024e869e9faa04af644a4bd4b44b079d0036024bc2db84e3487c0823342ef8362a9a2ccd3c1cf51343e6f4e52ce91f50
Score

10^/10

azorult discovery infostealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M15
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M15
  suricata
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealersuricatatrojan

behavioral2

azorultdiscoveryinfostealersuricatatrojan

© 2018-2024

Terms | Privacy