azorult | f9eabd0f4a06e7878ae99fb9c5bedd90517780f91fdd559d5d3852823dab0573 | Triage

Submit
Reports

Overview

overview

Static

static

1

MD4170147SHP- TRF.exe

windows7-x64

MD4170147SHP- TRF.exe

windows10-2004-x64

Sharing

General

Target

MD4170147SHP- TRF.exe
Size

773KB
Sample

231211-anbp9shde5
MD5

5fb1817af0d04e7070006564d01824ca
SHA1

9cbc6c05f67752fd5718af7deb0c19a4aa374686
SHA256

f9eabd0f4a06e7878ae99fb9c5bedd90517780f91fdd559d5d3852823dab0573
SHA512

31ba5f3c7956b053c0a9c49388c17568db22c1795ece54e59c528cacd213e8b1eae078589fd615bbb9b46eb95527c5b5fc7c1f7682c41b7c1ee39ecf07106f80
SSDEEP

12288:lqwwbXXyWCpPJ3yvtK3PbybVVInOh3Uo/hyBfzj7ELAplrOeC/z3bAdQ:+LyWCpPetK/0VInsN4fv7EKrD+zLAdQ

Score

10^/10

azorult collection infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MD4170147SHP- TRF.exe

Resource

win7-20231023-en

azorult collection infostealer spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

MD4170147SHP- TRF.exe

Resource

win10v2004-20231127-en

azorult collection infostealer spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  MD4170147SHP- TRF.exe
- Size
  
  773KB
- MD5
  
  5fb1817af0d04e7070006564d01824ca
- SHA1
  
  9cbc6c05f67752fd5718af7deb0c19a4aa374686
- SHA256
  
  f9eabd0f4a06e7878ae99fb9c5bedd90517780f91fdd559d5d3852823dab0573
- SHA512
  
  31ba5f3c7956b053c0a9c49388c17568db22c1795ece54e59c528cacd213e8b1eae078589fd615bbb9b46eb95527c5b5fc7c1f7682c41b7c1ee39ecf07106f80
- SSDEEP
  
  12288:lqwwbXXyWCpPJ3yvtK3PbybVVInOh3Uo/hyBfzj7ELAplrOeC/z3bAdQ:+LyWCpPetK/0VInsN4fv7EKrD+zLAdQ
Score

10^/10

azorult collection infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultcollectioninfostealerspywarestealertrojan

behavioral2

azorultcollectioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy