azorult | 46e43f0806085da66f4d9bcb7391a618977f5f9a0c6b612e2e02ba6b8e9d1011 | Triage

Submit
Reports

Overview

overview

Static

static

AU3_EXE.exe

windows7-x64

AU3_EXE.exe

windows10-2004-x64

Sharing

General

Target

AU3_EXE.exe
Size

112KB
Sample

220808-q9xgvsbeer
MD5

30bd4415b8698b02c6e39bd8f5343115
SHA1

3541170096377e396d8991c0dbc128680e7365fd
SHA256

46e43f0806085da66f4d9bcb7391a618977f5f9a0c6b612e2e02ba6b8e9d1011
SHA512

f5cb883f0cee38600ebb0a8800bff8e0ef952dd63da27236d2c8e11478026a69296105e4bcaeb23141601126e017c3b21872542bd67a45d5b5d57b0a2eb263f5

Score

10^/10

azorult discovery infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AU3_EXE.exe

Resource

win7-20220718-en

azorult discovery infostealer spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

AU3_EXE.exe

Resource

win10v2004-20220721-en

azorult discovery infostealer spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://178.140.137.201/twitchyoutube/fk32nOPxf/index.php

Targets

- Target
  
  AU3_EXE.exe
- Size
  
  112KB
- MD5
  
  30bd4415b8698b02c6e39bd8f5343115
- SHA1
  
  3541170096377e396d8991c0dbc128680e7365fd
- SHA256
  
  46e43f0806085da66f4d9bcb7391a618977f5f9a0c6b612e2e02ba6b8e9d1011
- SHA512
  
  f5cb883f0cee38600ebb0a8800bff8e0ef952dd63da27236d2c8e11478026a69296105e4bcaeb23141601126e017c3b21872542bd67a45d5b5d57b0a2eb263f5
Score

10^/10

azorult discovery infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealerspywarestealertrojan

behavioral2

azorultdiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy