azorult | b7ff86b6da28a06ee0de3032320ebb3989eb61467e6d40740cfd082444ed9c06 | Triage

Submit
Reports

Overview

overview

Static

static

3

PYMT SUCES...24.exe

windows7-x64

PYMT SUCES...24.exe

windows10-2004-x64

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

General

Target

PYMT SUCESSFUL AVIS CREDIT 12012024.exe
Size

444KB
Sample

240113-aq69ysgfbj
MD5

9352bb54fb680c197ef32e2ebe10e6a5
SHA1

34745e30c5435a715a7ca3b81f78883f72bfb90f
SHA256

b7ff86b6da28a06ee0de3032320ebb3989eb61467e6d40740cfd082444ed9c06
SHA512

3939aa3e87a1c26073ca69db4f5fbc80611188e3c16f8a39ba98389df5e28cd83d04ffbf8928100bb7edeb3119353ed378310d2626c81033cd04e6a1709cca74
SSDEEP

12288:xiMZHMlRkB3d9eQNjfDypk8D8lK+3pvGxuqTypR6snVWvHSM:xiMZsrkZnHdbyC8olyuqKRnVWL

Score

10^/10

azorult collection discovery infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PYMT SUCESSFUL AVIS CREDIT 12012024.exe

Resource

win7-20231215-en

azorult collection discovery infostealer spyware stealer trojan

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

PYMT SUCESSFUL AVIS CREDIT 12012024.exe

Resource

win10v2004-20231215-en

azorult collection discovery infostealer spyware stealer trojan

windows10-2004-x64

23 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/System.dll

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20231215-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  PYMT SUCESSFUL AVIS CREDIT 12012024.exe
- Size
  
  444KB
- MD5
  
  9352bb54fb680c197ef32e2ebe10e6a5
- SHA1
  
  34745e30c5435a715a7ca3b81f78883f72bfb90f
- SHA256
  
  b7ff86b6da28a06ee0de3032320ebb3989eb61467e6d40740cfd082444ed9c06
- SHA512
  
  3939aa3e87a1c26073ca69db4f5fbc80611188e3c16f8a39ba98389df5e28cd83d04ffbf8928100bb7edeb3119353ed378310d2626c81033cd04e6a1709cca74
- SSDEEP
  
  12288:xiMZHMlRkB3d9eQNjfDypk8D8lK+3pvGxuqTypR6snVWvHSM:xiMZsrkZnHdbyC8olyuqKRnVWL
Score

10^/10

azorult collection discovery infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  d968cb2b98b83c03a9f02dd9b8df97dc
- SHA1
  
  d784c9b7a92dce58a5038beb62a48ff509e166a0
- SHA256
  
  a4ec98011ef99e595912718c1a1bf1aa67bfc2192575729d42f559d01f67b95c
- SHA512
  
  2ee41dc68f329a1519a8073ece7d746c9f3bf45d8ef3b915deb376af37e26074134af5f83c8af0fe0ab227f0d1acca9f37e5ca7ae37c46c3bcc0331fe5e2b97e
- SSDEEP
  
  192:CVA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:CrR7SrtTv53tdtTgwF4SQbGPX36wJMw
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultcollectiondiscoveryinfostealerspywarestealertrojan

behavioral2

azorultcollectiondiscoveryinfostealerspywarestealertrojan

behavioral3

behavioral4

© 2018-2024

Terms | Privacy