azorult | b17982b84d161b4f3071af6cedb687b80569aff940441f244642599f0eb2f8a0 | Triage

Submit
Reports

Overview

overview

Static

static

DHLFreight...df.exe

windows7-x64

DHLFreight...df.exe

windows10-2004-x64

Sharing

General

Target

DHLFreight.TR, pdf.exe
Size

155KB
Sample

220922-sj2p1abgc4
MD5

4d4654e4ac669d5f4eaa278ab91153d2
SHA1

9adbd5a83f3393a6b270b1492f891de0f2d9f5c2
SHA256

b17982b84d161b4f3071af6cedb687b80569aff940441f244642599f0eb2f8a0
SHA512

34f902900f7da2dc83649ddb8c75d07a2604881ae58e0658145bbb189492c3539b502333d5c2baa5fd1a156007681a9c483d97bcfdc768d114e48348fa9efc78
SSDEEP

3072:mNLTkCi4InQeMjIrWKFLtV65IP3NjkzjVJ7gyLtYfHm:m5TQnQeMk1tVtmzv/6G

Score

10^/10

azorult collection infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

DHLFreight.TR, pdf.exe

Resource

win7-20220812-en

azorult collection infostealer spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHLFreight.TR, pdf.exe

Resource

win10v2004-20220812-en

azorult collection infostealer spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://bl3ds2.shop/PL341/index.php

Targets

- Target
  
  DHLFreight.TR, pdf.exe
- Size
  
  155KB
- MD5
  
  4d4654e4ac669d5f4eaa278ab91153d2
- SHA1
  
  9adbd5a83f3393a6b270b1492f891de0f2d9f5c2
- SHA256
  
  b17982b84d161b4f3071af6cedb687b80569aff940441f244642599f0eb2f8a0
- SHA512
  
  34f902900f7da2dc83649ddb8c75d07a2604881ae58e0658145bbb189492c3539b502333d5c2baa5fd1a156007681a9c483d97bcfdc768d114e48348fa9efc78
- SSDEEP
  
  3072:mNLTkCi4InQeMjIrWKFLtV65IP3NjkzjVJ7gyLtYfHm:m5TQnQeMk1tVtmzv/6G
Score

10^/10

azorult collection infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultcollectioninfostealerspywarestealertrojan

behavioral2

azorultcollectioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy