azorult | f75b569b54638ca8285237ca714e853e3d2ae9e390c4c9516caa04e9fcd30509 | Triage

Sharing

General

Target

f75b569b54638ca8285237ca714e853e3d2ae9e390c4c9516caa04e9fcd30509
Size

607KB
Sample

220731-kfegashdbp
MD5

b115061acd459a7cbfc6b12f85b16083
SHA1

6538ecd3b289457b6e61bcccba35a3bec4f04a17
SHA256

f75b569b54638ca8285237ca714e853e3d2ae9e390c4c9516caa04e9fcd30509
SHA512

da1cbfc4f207616463fdc05ef9a860146cd2c983d42583d885252c080eb3c7b5cb5b64b101a29fc2c5d7a430e21aaadbda68fdd531ef70e2490e4a63fd55e0a2

Score

10^/10

azorult agilenet infostealer trojan

Malware Config

Extracted

Family

azorult

C2

https://lapyo.de/edu/32/index.php

Targets

- Target
  
  f75b569b54638ca8285237ca714e853e3d2ae9e390c4c9516caa04e9fcd30509
- Size
  
  607KB
- MD5
  
  b115061acd459a7cbfc6b12f85b16083
- SHA1
  
  6538ecd3b289457b6e61bcccba35a3bec4f04a17
- SHA256
  
  f75b569b54638ca8285237ca714e853e3d2ae9e390c4c9516caa04e9fcd30509
- SHA512
  
  da1cbfc4f207616463fdc05ef9a860146cd2c983d42583d885252c080eb3c7b5cb5b64b101a29fc2c5d7a430e21aaadbda68fdd531ef70e2490e4a63fd55e0a2
Score

10^/10

azorult agilenet infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultagilenetinfostealertrojan

behavioral2

azorultinfostealertrojan