azorult | 947830b49d52f4a9177007d4a49de641243ab63d1d1ffb7b5e12db3cbe5748b5 | Triage

Submit
Reports

Overview

overview

Static

static

947830b49d...b5.exe

windows7-x64

947830b49d...b5.exe

windows10-2004-x64

Sharing

General

Target

947830b49d52f4a9177007d4a49de641243ab63d1d1ffb7b5e12db3cbe5748b5
Size

484KB
Sample

220725-fz1resgdgk
MD5

45897f1ba88b9686bc982c8e82d3cd9a
SHA1

2f4cfcf65d1156d41c356f855e68add187b77ef1
SHA256

947830b49d52f4a9177007d4a49de641243ab63d1d1ffb7b5e12db3cbe5748b5
SHA512

e508d87a8c81138bf491aa4ef2913a469ff8a0e7ffd7ce3736d77ba834ae903695fe2fd8a7190f677404c3c495726ce2a429de9496abb0ba490ebf8921315159

Score

10^/10

azorult agilenet infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

947830b49d52f4a9177007d4a49de641243ab63d1d1ffb7b5e12db3cbe5748b5.exe

Resource

win7-20220718-en

azorult agilenet infostealer suricata trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

947830b49d52f4a9177007d4a49de641243ab63d1d1ffb7b5e12db3cbe5748b5.exe

Resource

win10v2004-20220721-en

azorult infostealer suricata trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

https://techxim.com/wp-includes/admin/32/index.php

Targets

- Target
  
  947830b49d52f4a9177007d4a49de641243ab63d1d1ffb7b5e12db3cbe5748b5
- Size
  
  484KB
- MD5
  
  45897f1ba88b9686bc982c8e82d3cd9a
- SHA1
  
  2f4cfcf65d1156d41c356f855e68add187b77ef1
- SHA256
  
  947830b49d52f4a9177007d4a49de641243ab63d1d1ffb7b5e12db3cbe5748b5
- SHA512
  
  e508d87a8c81138bf491aa4ef2913a469ff8a0e7ffd7ce3736d77ba834ae903695fe2fd8a7190f677404c3c495726ce2a429de9496abb0ba490ebf8921315159
Score

10^/10

azorult agilenet infostealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- suricata: ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27
  suricata: ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27
  suricata
- suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M15
  suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M15
  suricata
- suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M5
  suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M5
  suricata
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultagilenetinfostealersuricatatrojan

behavioral2

azorultinfostealersuricatatrojan

© 2018-2024

Terms | Privacy