azorult | 18f0eeec4de09ac329406c8a6cc99763015cf654ebc5404bb6150f6cf879bcb8 | Triage

Submit
Reports

Overview

overview

Static

static

1

8ba6987bd8...af.exe

windows7-x64

8ba6987bd8...af.exe

windows10-2004-x64

Sharing

General

Target

8ba6987bd8e765df43142f5b7803c88eccc85faf.exe
Size

424KB
Sample

221130-k9lsgaag3t
MD5

a9b6246022869177cb7d66177b2bb480
SHA1

8ba6987bd8e765df43142f5b7803c88eccc85faf
SHA256

18f0eeec4de09ac329406c8a6cc99763015cf654ebc5404bb6150f6cf879bcb8
SHA512

21ccb922e58aec1c1aac280e8335c925b4d0982286c97844590682729e6f33896076cf1dddac366ae466b78c2d02ad588241bc0b658072b6edcf78a363c419d5
SSDEEP

6144:37ecOvI7EzEGRtx516Zkc3a6ZXGokcG1W9TwfpkkUnbPJUDlm4aaEt2GoyN6pB+H:r5CEI6Z9a6Is19Twfp6nDwlmXlw5wc4

Score

10^/10

azorult infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8ba6987bd8e765df43142f5b7803c88eccc85faf.exe

Resource

win7-20220812-en

azorult infostealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8ba6987bd8e765df43142f5b7803c88eccc85faf.exe

Resource

win10v2004-20221111-en

azorult infostealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://balaborka.com/index.php

Targets

- Target
  
  8ba6987bd8e765df43142f5b7803c88eccc85faf.exe
- Size
  
  424KB
- MD5
  
  a9b6246022869177cb7d66177b2bb480
- SHA1
  
  8ba6987bd8e765df43142f5b7803c88eccc85faf
- SHA256
  
  18f0eeec4de09ac329406c8a6cc99763015cf654ebc5404bb6150f6cf879bcb8
- SHA512
  
  21ccb922e58aec1c1aac280e8335c925b4d0982286c97844590682729e6f33896076cf1dddac366ae466b78c2d02ad588241bc0b658072b6edcf78a363c419d5
- SSDEEP
  
  6144:37ecOvI7EzEGRtx516Zkc3a6ZXGokcG1W9TwfpkkUnbPJUDlm4aaEt2GoyN6pB+H:r5CEI6Z9a6Is19Twfp6nDwlmXlw5wc4
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy