azorult | 13c9ec087b8177e95285fd90ddffb04a3858dbf7316bb1bddc0ab32e38f1c806 | Triage

Submit
Reports

Overview

overview

Static

static

Orden de c...df.exe

windows7-x64

Orden de c...df.exe

windows10-2004-x64

Sharing

General

Target

Orden de compra [Knuth] 27092022,pdf.exe
Size

320KB
Sample

220927-t1dj6sfabj
MD5

603e36c798ef46aa49807ff5c90d75a1
SHA1

24a8170fe7bd916027f7cce59c96440e033329f8
SHA256

13c9ec087b8177e95285fd90ddffb04a3858dbf7316bb1bddc0ab32e38f1c806
SHA512

faf6db66bf5a309801cdabd87985ad95f44cbdb75ea6326aabf4287e7f8b5b54524961d22bc2d52af49b4a541194acb1becf4bfc6dff71b54d98d505c5043d87
SSDEEP

3072:ePfue1xUk222ur+JAdYTBaAWcCElvxHATALhpPh4yW4+9wqY+mhhhmitqOToq:G73222jA2tat2xeTWTPh4y3Ki

Score

10^/10

azorult collection infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Orden de compra [Knuth] 27092022,pdf.exe

Resource

win7-20220812-en

azorult infostealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Orden de compra [Knuth] 27092022,pdf.exe

Resource

win10v2004-20220901-en

azorult collection infostealer spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://kngpdrp.shop/PL341/index.php

Targets

- Target
  
  Orden de compra [Knuth] 27092022,pdf.exe
- Size
  
  320KB
- MD5
  
  603e36c798ef46aa49807ff5c90d75a1
- SHA1
  
  24a8170fe7bd916027f7cce59c96440e033329f8
- SHA256
  
  13c9ec087b8177e95285fd90ddffb04a3858dbf7316bb1bddc0ab32e38f1c806
- SHA512
  
  faf6db66bf5a309801cdabd87985ad95f44cbdb75ea6326aabf4287e7f8b5b54524961d22bc2d52af49b4a541194acb1becf4bfc6dff71b54d98d505c5043d87
- SSDEEP
  
  3072:ePfue1xUk222ur+JAdYTBaAWcCElvxHATALhpPh4yW4+9wqY+mhhhmitqOToq:G73222jA2tat2xeTWTPh4y3Ki
Score

10^/10

azorult infostealer trojan collection spyware stealer
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultcollectioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy