azorult | hxxp://wiwirdo[.]ac[.]ug/azne[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

1

http://wiwirdo.ac.ug...

windows7-x64

http://wiwirdo.ac.ug...

windows10-2004-x64

Sharing

General

Target

http://wiwirdo.ac.ug/azne.exe
Sample

220812-ggcsbahcgq

Score

10^/10

azorult infostealer trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

http://wiwirdo.ac.ug/azne.exe

Resource

win7-20220715-en

azorult infostealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

http://wiwirdo.ac.ug/azne.exe

Resource

win10v2004-20220722-en

azorult infostealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  http://wiwirdo.ac.ug/azne.exe
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy