azorult | b35b91f3db15c11921755d7d8af48534135727e57502f6a9e872beb257b7831c | Triage

Sharing

General

Target

b35b91f3db15c11921755d7d8af48534135727e57502f6a9e872beb257b7831c
Size

828KB
Sample

220731-htx5fsefcj
MD5

b91114eb71f8e3f884381e97c548009f
SHA1

bd1a4988db9a5bd3018a357b218d50b84edd9f81
SHA256

b35b91f3db15c11921755d7d8af48534135727e57502f6a9e872beb257b7831c
SHA512

a7752bec2d9e0c5f020b4ce4870c0f8159367ec6843408beb8fe2efc6236fcdf6e17a278e0ce4805c8990d80c91ab9927052ec36fb07f56a18be60f22d7f2ba4

Score

10^/10

azorult agilenet infostealer trojan

Malware Config

Extracted

Family

azorult

C2

https://techxim.com/wp-admin/admin/32/index.php

Targets

- Target
  
  b35b91f3db15c11921755d7d8af48534135727e57502f6a9e872beb257b7831c
- Size
  
  828KB
- MD5
  
  b91114eb71f8e3f884381e97c548009f
- SHA1
  
  bd1a4988db9a5bd3018a357b218d50b84edd9f81
- SHA256
  
  b35b91f3db15c11921755d7d8af48534135727e57502f6a9e872beb257b7831c
- SHA512
  
  a7752bec2d9e0c5f020b4ce4870c0f8159367ec6843408beb8fe2efc6236fcdf6e17a278e0ce4805c8990d80c91ab9927052ec36fb07f56a18be60f22d7f2ba4
Score

10^/10

azorult agilenet infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultagilenetinfostealertrojan

behavioral2

azorultinfostealertrojan