azorult | 21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0 | Triage

Sharing

General

Target

21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0
Size

516KB
Sample

221130-xp8sqaac9z
MD5

b9d619b9b382accbc2aa81f4023baf3f
SHA1

e9cc5b7fca5e3c70bf1c66827f7a59e3171359dc
SHA256

21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0
SHA512

4005a2a29c774035da22e825bda67c3af5ea594ff87876e5cbf9e5b5878eca083a27191bbe53adfa25fec26fc1afe5b5e04bf45efc50acf6acc692c2ed90d70f
SSDEEP

12288:g4ElE9n4ixRxYeFqrMDQ9g5QssZsQ7xViHQEx2h3ns:yA8qQ9WsGgaw3hXs

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://pa-magelang.go.id/FTP/index.php

Targets

- Target
  
  21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0
- Size
  
  516KB
- MD5
  
  b9d619b9b382accbc2aa81f4023baf3f
- SHA1
  
  e9cc5b7fca5e3c70bf1c66827f7a59e3171359dc
- SHA256
  
  21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0
- SHA512
  
  4005a2a29c774035da22e825bda67c3af5ea594ff87876e5cbf9e5b5878eca083a27191bbe53adfa25fec26fc1afe5b5e04bf45efc50acf6acc692c2ed90d70f
- SSDEEP
  
  12288:g4ElE9n4ixRxYeFqrMDQ9g5QssZsQ7xViHQEx2h3ns:yA8qQ9WsGgaw3hXs
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultinfostealertrojan