azorult

General

Target

Dekont#17.07.2023.exe
Size

154KB
Sample

230717-gvwgksae42
MD5

571ee58005b14af0965178929079625b
SHA1

c8df9921cfa7fde32269c058f1361c4f5f117935
SHA256

7501179eedf19e9b094ed763b880f4673998ecef6d8b4732985d04ee0ef1ea1e
SHA512

3f884a0d24e505fddd38d78363aff5f30ced6a29265a1e8342a301a3a56a7f7bf5646e2304212f5c9a9e6e3cf44df82314d1a4ac9d3b72a8782b23c62364d279
SSDEEP

3072:+NzPHk9MpcQbhvCa7XgwLrn0f3Inmq0vd8LI2eTTn99Gddwkqu8DfHrCj:+hRFhvt7XvLrna3Movd6eTCDzqRvrCj

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://mcoaz.shop/DXO341/index.php

Targets

- Target
  
  Dekont#17.07.2023.exe
- Size
  
  154KB
- MD5
  
  571ee58005b14af0965178929079625b
- SHA1
  
  c8df9921cfa7fde32269c058f1361c4f5f117935
- SHA256
  
  7501179eedf19e9b094ed763b880f4673998ecef6d8b4732985d04ee0ef1ea1e
- SHA512
  
  3f884a0d24e505fddd38d78363aff5f30ced6a29265a1e8342a301a3a56a7f7bf5646e2304212f5c9a9e6e3cf44df82314d1a4ac9d3b72a8782b23c62364d279
- SSDEEP
  
  3072:+NzPHk9MpcQbhvCa7XgwLrn0f3Inmq0vd8LI2eTTn99Gddwkqu8DfHrCj:+hRFhvt7XvLrna3Movd6eTCDzqRvrCj
Score

10^/10

azorult guloader discovery downloader infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Guloader,Cloudeye

Checks QEMU agent file

Loads dropped DLL

Checks installed software on the system

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2