azorult | 5e4bbfd0a0ec4ad115e955ddc0219d0fdda191c9f95c3dadce2af567d9483fa8 | Triage

Sharing

General

Target

5e4bbfd0a0ec4ad115e955ddc0219d0fdda191c9f95c3dadce2af567d9483fa8
Size

1.7MB
Sample

220731-zhz84sfed5
MD5

746f7df0c1d2ff1c7c4fe90e3a24ae48
SHA1

934a527ae8b8cdeaaf49b90193a9fcc1ae925854
SHA256

5e4bbfd0a0ec4ad115e955ddc0219d0fdda191c9f95c3dadce2af567d9483fa8
SHA512

533d48d3af681d8f9d14f97bcc3eeb99e07c3126c92de526b19e8045e839a70f5558fd35f669dd09eda08f14bc43cee40a060f964ff5f46b577ce8d98ca06de6

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://104.233.105.159/0/van/index.php

Targets

- Target
  
  5e4bbfd0a0ec4ad115e955ddc0219d0fdda191c9f95c3dadce2af567d9483fa8
- Size
  
  1.7MB
- MD5
  
  746f7df0c1d2ff1c7c4fe90e3a24ae48
- SHA1
  
  934a527ae8b8cdeaaf49b90193a9fcc1ae925854
- SHA256
  
  5e4bbfd0a0ec4ad115e955ddc0219d0fdda191c9f95c3dadce2af567d9483fa8
- SHA512
  
  533d48d3af681d8f9d14f97bcc3eeb99e07c3126c92de526b19e8045e839a70f5558fd35f669dd09eda08f14bc43cee40a060f964ff5f46b577ce8d98ca06de6
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan