azorult

Resubmissions

06-12-2023 15:44

231206-s6hkmsea7x 10

16-11-2023 20:24

231116-y6snhage4w 10

05-04-2023 06:56

230405-hqtymacc52 10

04-04-2023 08:02

230404-jw4wfsdf69 10

Sharing

Copy URL

Twitter E-mail

General

Target

??????????? ??????????????.exe
Size

234KB
Sample

231116-y6snhage4w
MD5

38d378ff52ea3dba53a07eee3ed769c7
SHA1

94181ebcbe353d496701681b6bd03e06c1c63751
SHA256

0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4
SHA512

ab096595c92f3bca5659b2156e3daed47f70dd8ab3ddff1506ff164a50fa4d15f2503776d43633056ebcb569255295f8f7af53a031f552da1a3f73d017c105cc
SSDEEP

6144:gYa6oBsctoZqfq4S4JV2p9wubvEjRTsObhUXLbPp:gYxcCZqHp2prEVs+C7F

Score

10^/10

Malware Config

Extracted

Family

azorult

http://141.98.6.162/office/index.php

Targets

- Target
  
  ??????????? ??????????????.exe
- Size
  
  234KB
- MD5
  
  38d378ff52ea3dba53a07eee3ed769c7
- SHA1
  
  94181ebcbe353d496701681b6bd03e06c1c63751
- SHA256
  
  0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4
- SHA512
  
  ab096595c92f3bca5659b2156e3daed47f70dd8ab3ddff1506ff164a50fa4d15f2503776d43633056ebcb569255295f8f7af53a031f552da1a3f73d017c105cc
- SSDEEP
  
  6144:gYa6oBsctoZqfq4S4JV2p9wubvEjRTsObhUXLbPp:gYxcCZqHp2prEVs+C7F
Score

10^/10

azorult infostealer trojan discovery evasion persistence spyware stealer upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral10 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9