azorult | 4130ce135fbfab00618f261a0397e88479d2f61e1ed0d09ebcde525439774f3e | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

1

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

7.2MB
Sample

230410-r35qbsag99
MD5

e5e6dc2c08d6d34b5427ca50ecba3431
SHA1

99e978ac35c3a33b075c4dbdab1e175c361e2396
SHA256

4130ce135fbfab00618f261a0397e88479d2f61e1ed0d09ebcde525439774f3e
SHA512

ef7dc22decefa854deb71713c662ffb28500bb8e0660a1da81f93bc517ffc9c6614200c9e0cdbd14d10599926358a4090c7ff9dc7e6b9a8315de13ec11c50a0c
SSDEEP

49152:A1H4VI6/UGwPVGv8i5aU0Bc21/K2Xd8nGozc30kaZt3DJIHo1fmHp+d2Zcxb2W7k:TD8GwVAn29XbozcEX7

Score

10^/10

azorult rhadamanthys collection infostealer persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230220-en

azorult rhadamanthys collection infostealer persistence stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  file.exe
- Size
  
  7.2MB
- MD5
  
  e5e6dc2c08d6d34b5427ca50ecba3431
- SHA1
  
  99e978ac35c3a33b075c4dbdab1e175c361e2396
- SHA256
  
  4130ce135fbfab00618f261a0397e88479d2f61e1ed0d09ebcde525439774f3e
- SHA512
  
  ef7dc22decefa854deb71713c662ffb28500bb8e0660a1da81f93bc517ffc9c6614200c9e0cdbd14d10599926358a4090c7ff9dc7e6b9a8315de13ec11c50a0c
- SSDEEP
  
  49152:A1H4VI6/UGwPVGv8i5aU0Bc21/K2Xd8nGozc30kaZt3DJIHo1fmHp+d2Zcxb2W7k:TD8GwVAn29XbozcEX7
Score

10^/10

azorult rhadamanthys collection infostealer persistence stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

azorultrhadamanthyscollectioninfostealerpersistencestealertrojan

© 2018-2024

Terms | Privacy