azorult | 5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef | Triage

Resubmissions

20-12-2023 23:57

231220-3z2p2shdb7 10

18-12-2023 08:52

231218-ksp4kabbf8 10

Sharing

General

Target

Bokos.exe
Size

740KB
Sample

231218-ksp4kabbf8
MD5

222f2cca1a46890e09274e44a549baee
SHA1

98d097eeea1c4b608939ae12d9a72f05a6015219
SHA256

5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef
SHA512

789795ce6f9c855d2a1fc4fbb67ec6e86d6c2ebafef26fe8b4a1a9733df53acb05e7031a27663f6281c13c6c6072c9257f58f24183303041f4c15c8684ccbf66
SSDEEP

12288:CqwwbXXyWMnGcHtjLxLIC3gmRznHVkBou/o/hyBfzj7ELAplrOeC/z3bAdTr:hLyWATHfICFzn1k164fv7EKrD+zLAdTr

Score

10^/10

azorult infostealer trojan

Malware Config

Targets

- Target
  
  Bokos.exe
- Size
  
  740KB
- MD5
  
  222f2cca1a46890e09274e44a549baee
- SHA1
  
  98d097eeea1c4b608939ae12d9a72f05a6015219
- SHA256
  
  5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef
- SHA512
  
  789795ce6f9c855d2a1fc4fbb67ec6e86d6c2ebafef26fe8b4a1a9733df53acb05e7031a27663f6281c13c6c6072c9257f58f24183303041f4c15c8684ccbf66
- SSDEEP
  
  12288:CqwwbXXyWMnGcHtjLxLIC3gmRznHVkBou/o/hyBfzj7ELAplrOeC/z3bAdTr:hLyWATHfICFzn1k164fv7EKrD+zLAdTr
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan