azorult | 5ffd99d36ba65a13856d3fc02c80241478de90ae82a776e45b9ab042a9ef98e9 | Triage

Sharing

General

Target

5ffd99d36ba65a13856d3fc02c80241478de90ae82a776e45b9ab042a9ef98e9
Size

816KB
Sample

220731-jm1sfafad9
MD5

50a5ecd5d41cdb4acf2a80303ab227b8
SHA1

4d774c91c3c748fa9356c657290625858f3c6e0c
SHA256

5ffd99d36ba65a13856d3fc02c80241478de90ae82a776e45b9ab042a9ef98e9
SHA512

461d1b27ad20065b396a5a314341c4fd226b637b5bdc958a11b0a876cc918b5c29f6946dbf5bb194131e9d53e58a8a0dc75dd04686c44c54fe61effceaf63cab

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://eewsteei.com/index.php

Targets

- Target
  
  5ffd99d36ba65a13856d3fc02c80241478de90ae82a776e45b9ab042a9ef98e9
- Size
  
  816KB
- MD5
  
  50a5ecd5d41cdb4acf2a80303ab227b8
- SHA1
  
  4d774c91c3c748fa9356c657290625858f3c6e0c
- SHA256
  
  5ffd99d36ba65a13856d3fc02c80241478de90ae82a776e45b9ab042a9ef98e9
- SHA512
  
  461d1b27ad20065b396a5a314341c4fd226b637b5bdc958a11b0a876cc918b5c29f6946dbf5bb194131e9d53e58a8a0dc75dd04686c44c54fe61effceaf63cab
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan