azorult | 602105b9e93a3222c666edbb621839cbc907c8caaadfb8e6d2b9d1e95ae37ab0 | Triage

Sharing

General

Target

602105b9e93a3222c666edbb621839cbc907c8caaadfb8e6d2b9d1e95ae37ab0
Size

602KB
Sample

220731-hhq7rsdbe3
MD5

60db7e886a5583ec17f19345b4c1fcd6
SHA1

d16d7d59175cf680fe0ad1407ec33636c094ef69
SHA256

602105b9e93a3222c666edbb621839cbc907c8caaadfb8e6d2b9d1e95ae37ab0
SHA512

7e2655059445f0d1c6027b7b4c5fd02d269a80e6d589aa3029fcb0a68428a426ae6c3c87cc9849a52da353e363bea0ccbf351286e531e8a473cc589c48efe135

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://23.106.122.215/index.php

Targets

- Target
  
  602105b9e93a3222c666edbb621839cbc907c8caaadfb8e6d2b9d1e95ae37ab0
- Size
  
  602KB
- MD5
  
  60db7e886a5583ec17f19345b4c1fcd6
- SHA1
  
  d16d7d59175cf680fe0ad1407ec33636c094ef69
- SHA256
  
  602105b9e93a3222c666edbb621839cbc907c8caaadfb8e6d2b9d1e95ae37ab0
- SHA512
  
  7e2655059445f0d1c6027b7b4c5fd02d269a80e6d589aa3029fcb0a68428a426ae6c3c87cc9849a52da353e363bea0ccbf351286e531e8a473cc589c48efe135
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan