azorult | c56d7650cb69a9ecc1cb26d4324a0708ae5eea20e640b33e32bbcb45b58c0703 | Triage

Sharing

General

Target

azne.exe
Size

283KB
Sample

220731-fq5zsaaeal
MD5

438cbbc5449ace7dc2f23c8f884a51e5
SHA1

e485f4b2797c6e3cb66c0fdcf388a4373b5dc495
SHA256

c56d7650cb69a9ecc1cb26d4324a0708ae5eea20e640b33e32bbcb45b58c0703
SHA512

2c92aea2256975d7eaf2f0c35622a41dfd189961f4fc5f302ec6133cd6aa8e6ab80d089e594afa51fc71c3d7bff4737e8ebafbd7c2c6327d73cd1682f1b6afb2

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  azne.exe
- Size
  
  283KB
- MD5
  
  438cbbc5449ace7dc2f23c8f884a51e5
- SHA1
  
  e485f4b2797c6e3cb66c0fdcf388a4373b5dc495
- SHA256
  
  c56d7650cb69a9ecc1cb26d4324a0708ae5eea20e640b33e32bbcb45b58c0703
- SHA512
  
  2c92aea2256975d7eaf2f0c35622a41dfd189961f4fc5f302ec6133cd6aa8e6ab80d089e594afa51fc71c3d7bff4737e8ebafbd7c2c6327d73cd1682f1b6afb2
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan