azorult | 8840069967153ec69d57329f34b6626537f0df8be23d2ab640b9e073f3951235 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...59.exe

windows7-x64

SecuriteIn...59.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.W32.AIDetectNet.01.15559.1665
Size

73KB
Sample

220802-qq749afcf2
MD5

d336cd539571cb25a77fe1cdeb402bb4
SHA1

709e156974536a22d81c4f4cac3f1461146a3e65
SHA256

8840069967153ec69d57329f34b6626537f0df8be23d2ab640b9e073f3951235
SHA512

63086b2c0dfefa28904df382d71c0eee2318d17b8934de078e18e7ea5b362071a454aa660df6578ef222d2ef9c2b78b036d6c93bf8cbcb617575e6ac35a2c416

Score

10^/10

azorult collection infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.W32.AIDetectNet.01.15559.exe

Resource

win7-20220715-en

azorult collection infostealer spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.W32.AIDetectNet.01.15559.exe

Resource

win10v2004-20220721-en

azorult collection infostealer spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://109.248.150.151/roth/index.php

Targets

- Target
  
  SecuriteInfo.com.W32.AIDetectNet.01.15559.1665
- Size
  
  73KB
- MD5
  
  d336cd539571cb25a77fe1cdeb402bb4
- SHA1
  
  709e156974536a22d81c4f4cac3f1461146a3e65
- SHA256
  
  8840069967153ec69d57329f34b6626537f0df8be23d2ab640b9e073f3951235
- SHA512
  
  63086b2c0dfefa28904df382d71c0eee2318d17b8934de078e18e7ea5b362071a454aa660df6578ef222d2ef9c2b78b036d6c93bf8cbcb617575e6ac35a2c416
Score

10^/10

azorult collection infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultcollectioninfostealerspywarestealertrojan

behavioral2

azorultcollectioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy