azorult | 043c0f35c48bfc42f8e8aa3684ff7277e9655a0a57d8fc959462bae10652a670 | Triage

Sharing

General

Target

043c0f35c48bfc42f8e8aa3684ff7277e9655a0a57d8fc959462bae10652a670.exe
Size

287KB
Sample

230405-sfljlsfd97
MD5

0da730fe948ac7f7e696ec547521da93
SHA1

b4df4f154195438c5c7bdcc3d72a71b816cfbd7c
SHA256

043c0f35c48bfc42f8e8aa3684ff7277e9655a0a57d8fc959462bae10652a670
SHA512

d712e52e9128c8e180d47093cd4f3fe1dba844c71183bab5bb992b4e461be25a4996b17b8847213b358a7c5071863749f31b20ebc898c881b2f5b43a19fa5e07
SSDEEP

6144:gYa6oBcDavcqOnPmLBD1K0KAQlUjMRyIkwlqSgcoYk0gd:gYhDRqu+LHK7AeUjJivBpk0U

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://85.31.45.29/myoffice/index.php

Targets

- Target
  
  043c0f35c48bfc42f8e8aa3684ff7277e9655a0a57d8fc959462bae10652a670.exe
- Size
  
  287KB
- MD5
  
  0da730fe948ac7f7e696ec547521da93
- SHA1
  
  b4df4f154195438c5c7bdcc3d72a71b816cfbd7c
- SHA256
  
  043c0f35c48bfc42f8e8aa3684ff7277e9655a0a57d8fc959462bae10652a670
- SHA512
  
  d712e52e9128c8e180d47093cd4f3fe1dba844c71183bab5bb992b4e461be25a4996b17b8847213b358a7c5071863749f31b20ebc898c881b2f5b43a19fa5e07
- SSDEEP
  
  6144:gYa6oBcDavcqOnPmLBD1K0KAQlUjMRyIkwlqSgcoYk0gd:gYhDRqu+LHK7AeUjJivBpk0U
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan