azorult

General

Target

http://beachwood.ug/ghjkl.exe
Sample

230323-slmzmaad6y

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  http://beachwood.ug/ghjkl.exe
Score

10^/10

azorult modiloader rhadamanthys collection infostealer stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect rhadamanthys stealer shellcode
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- ModiLoader Second Stage
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect rhadamanthys stealer shellcode

ModiLoader, DBatLoader

Rhadamanthys

ModiLoader Second Stage

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Accesses Microsoft Outlook profiles

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

urlscan1

behavioral1