azorult | 16cce7de5b4dfb6933aab0dd4388a5e9800f8811877a9087bb2964c098ad6c62 | Triage

Sharing

General

Target

16cce7de5b4dfb6933aab0dd4388a5e9800f8811877a9087bb2964c098ad6c62
Size

2.2MB
Sample

230411-lq65qsdd3w
MD5

1680cc2c45f54513098e40bd08d4fb54
SHA1

d2fab5c06192de87f167235d6dba99deef901539
SHA256

16cce7de5b4dfb6933aab0dd4388a5e9800f8811877a9087bb2964c098ad6c62
SHA512

21059584d12d8c2413e41634f1cf24104bd27e8faa83397fb5f1b0299d316d7f58a21fea60acfa5f6cac3da190fa05e4894d5001c558cdcb300d273c25c6538e
SSDEEP

49152:h9e35Wux3n30vyPbm4SA/ewYEHvknHdqdEePo:h9e3xQ

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://bll5e.shop/dbkl/index.php

Targets

- Target
  
  16cce7de5b4dfb6933aab0dd4388a5e9800f8811877a9087bb2964c098ad6c62
- Size
  
  2.2MB
- MD5
  
  1680cc2c45f54513098e40bd08d4fb54
- SHA1
  
  d2fab5c06192de87f167235d6dba99deef901539
- SHA256
  
  16cce7de5b4dfb6933aab0dd4388a5e9800f8811877a9087bb2964c098ad6c62
- SHA512
  
  21059584d12d8c2413e41634f1cf24104bd27e8faa83397fb5f1b0299d316d7f58a21fea60acfa5f6cac3da190fa05e4894d5001c558cdcb300d273c25c6538e
- SSDEEP
  
  49152:h9e35Wux3n30vyPbm4SA/ewYEHvknHdqdEePo:h9e3xQ
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan