azorult | a63e2543ef07a1160f0df4e653e7059b097c08a9f48aa1c67168a4ad17d7d66e | Triage

Sharing

General

Target

ce717ce09f6aeaaab7d13f2f1b49fe85.bin
Size

301KB
Sample

240208-d2j6cacc89
MD5

2cf646c6d42cbd8614a73cc04d23fb16
SHA1

b29371a28b5edd459611cf936a63730cd14a0056
SHA256

a63e2543ef07a1160f0df4e653e7059b097c08a9f48aa1c67168a4ad17d7d66e
SHA512

0dadc404abad6317bc403e7b95a8829b0c39586c3225f0c39979c617eed6711002e5c86f55369cb70ccaea30f082f156019c81a66fac4ae958bfe62a4f009932
SSDEEP

6144:XbhEwzjbgVnEbpFEyOmU3GvcUPCruZ0LEnbhBwkAk2XkyJXqwL:rhEwzuEbnEyw3sQP4nNBbl2UyJX5L

Score

10^/10

azorult guloader downloader infostealer macos trojan

Malware Config

Targets

- Target
  
  b09c72bf641ac0a02873bc9621c4985b6f9d08f41de614e33b79b91bf1f6c857.exe
- Size
  
  414KB
- MD5
  
  ce717ce09f6aeaaab7d13f2f1b49fe85
- SHA1
  
  55fecd0b70fdee09035105c3dda1d6dd987e61d6
- SHA256
  
  b09c72bf641ac0a02873bc9621c4985b6f9d08f41de614e33b79b91bf1f6c857
- SHA512
  
  d4e37f82cec810c5c4ea651b63e871b5ce40acd7b74f3a956f4e2d29356493d195dcea634b946509330f1d415168e0761a7597d9909a9d5e0a49d961ed9a3694
- SSDEEP
  
  6144:L4t6Lsvq5WSBHh/5cK/vBHc2Z1qkyi9lscIKAhDG4TXAog6cjmSlJej:LkvqcSBHh/5zRHBgkyrKAv5pcCoJk
Score

10^/10

azorult guloader downloader infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  17ed1c86bd67e78ade4712be48a7d2bd
- SHA1
  
  1cc9fe86d6d6030b4dae45ecddce5907991c01a0
- SHA256
  
  bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
- SHA512
  
  0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
- SSDEEP
  
  192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  42b064366f780c1f298fa3cb3aeae260
- SHA1
  
  5b0349db73c43f35227b252b9aa6555f5ede9015
- SHA256
  
  c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab
- SHA512
  
  50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7
- SSDEEP
  
  192:o68cSzvTyl4tgi8pPjQM0PuAg0YNyoIFtSP:LBSzm+t18pZ0WAg0RoIFg
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  b55f7f1b17c39018910c23108f929082
- SHA1
  
  1601f1cc0d0d6bcf35799b7cd15550cd01556172
- SHA256
  
  c4c6fe032f3cd8b31528d7b99661f85ee22cb78746aee98ec568431d4f5043f7
- SHA512
  
  d652f2b09396ef7b9181996c4700b25840ceaa6c1c10080a55ce3db4c25d8d85f00a21e747f9d14a3374be4cdd4ea829a18d7de9b27b13b5e304447f3e9268fa
- SSDEEP
  
  96:L7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN538:RbGgGPzxeX6D8ZyGgmkN
Score

3^/10
behavioral7 behavioral8
- Target
  
  Graastener/megapode.app
- Size
  
  15KB
- MD5
  
  6e941ea97a92ac8ee4ac713c354c58f6
- SHA1
  
  3f23f03bf6547b2bf4b8a6eb00777a55aaf999ce
- SHA256
  
  a3a45b243179f04a923e01a8f360aafa9d628b32354453f08c0b1c31797a534b
- SHA512
  
  d2b43f6cf6d7e74c1053416213fcc35c30ca029c0c2f34de9553ad2adb92b923daf83611ba9b7b9d905ad1e60c53434dcd7ea58d3c0bf47ffa8b0e59b6cea489
- SSDEEP
  
  384:U5FKcGSrXmxrPAn8EFGftXcMOxFILjA1BoLSw9QVN/Nr:IFUAYDEwftXcMkujKo6/Nr
Score

1^/10
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultguloaderdownloaderinfostealertrojan

behavioral2

azorultguloaderdownloaderinfostealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9