azorult | 23aea1c371420be7d6119b55d5584b590180bfe7c72666f44578d3ae589a7cb5 | Triage

Submit
Reports

Overview

overview

Static

static

5

NLBrute 1....en.exe

windows10-1703-x64

NLBrute 1....en.exe

windows10-2004-x64

Sharing

General

Target

NLBrute 1.2 Crack x64.zip
Size

16.0MB
Sample

230312-kh9p8adc98
MD5

bc3f07d7caa973da244a9cda1758ae06
SHA1

d73a0cd38110d6c574c261b5c7ae2f5fffe815ef
SHA256

23aea1c371420be7d6119b55d5584b590180bfe7c72666f44578d3ae589a7cb5
SHA512

1a36ce6beb611e4f104f04e34cd42bc3e76dd56ffb3da537bee2967c28e76cbcb20b06539c903826ff4b5791f897309912855fcd4217dc9ca936b2ab5f9a1f15
SSDEEP

393216:a1Qrs448Kg9khTwb8xlkSS1I4QoOPftgVV:aX44P+kKvI4qfGL

Score

10^/10

azorult infostealer trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NLBrute 1.2 Crack x64/NLB_Licenz/NLB_Licenz/NLBrute 1.2 x64 & VPN - KeyGen.exe

Resource

win10-20230220-en

azorult infostealer trojan vmprotect

windows10-1703-x64

11 signatures

60 seconds

Behavioral task

behavioral2

Sample

NLBrute 1.2 Crack x64/NLB_Licenz/NLB_Licenz/NLBrute 1.2 x64 & VPN - KeyGen.exe

Resource

win10v2004-20230221-en

azorult infostealer trojan vmprotect

windows10-2004-x64

12 signatures

60 seconds

Malware Config

Extracted

Family

azorult

C2

http://updateinstall.xyz/6616a.php

Targets

- Target
  
  NLBrute 1.2 Crack x64/NLB_Licenz/NLB_Licenz/NLBrute 1.2 x64 & VPN - KeyGen.exe
- Size
  
  9.7MB
- MD5
  
  1b5675c93a01b5086a60aa3856a4e4f8
- SHA1
  
  4147f00569cb6dbcc2e7787663bcefb4b30243e2
- SHA256
  
  1db16882d923db80879a7d8d3fa724414e043b91ab160608c99a11df0651280f
- SHA512
  
  1ba9903c1d8ca5073abc94301286e71b3126252eb9e77c0b692c042aecd23977d1ff90ee2e203bcba090ffc12cd4fab00d406d998da288ecc64c5f60c708211a
- SSDEEP
  
  196608:7CKGs7lPGbFRoaNhBv5IFNW0Y0G6zZ7UAuAxid8Om6:eopoucRiK0Yq73xgP
Score

10^/10

azorult infostealer trojan vmprotect
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojanvmprotect

behavioral2

azorultinfostealertrojanvmprotect

© 2018-2024

Terms | Privacy