azorult | 7406da890d87374ab8f524683aef1c11f201068b95095aa20ac3712daaa0c5b3 | Triage

Resubmissions

21-02-2024 17:47

240221-wc29qsda45 10

20-02-2024 05:45

240220-gf8tcscg79 10

Sharing

General

Target

7406da890d87374ab8f524683aef1c11f201068b95095aa20ac3712daaa0c5b3.exe
Size

1.5MB
Sample

240220-gf8tcscg79
MD5

ef25ff0d23d8da1b5250fd896896f53e
SHA1

390d474c015306ebd252978d7dba78720238543b
SHA256

7406da890d87374ab8f524683aef1c11f201068b95095aa20ac3712daaa0c5b3
SHA512

976a67d43491a9b81ee04bb9fc80fc2f08c8b4415bbffad50be1a6e67912cb5995cbded04990397df78af785c60bbf89a1d1d0626aca1ec091344293424ea49d
SSDEEP

49152:FTvC/MTQYxsWR7acyejdjIQl6kX7sXf8n0irmNmSb6HCjsZ:pjTQYxsWR5yejdjIQl6kX7sXf8nzrm8l

Score

10^/10

azorult collection infostealer spyware stealer trojan

Malware Config

Extracted

Family

azorult

C2

http://mhlc.shop/MC341/index.php

Targets

- Target
  
  7406da890d87374ab8f524683aef1c11f201068b95095aa20ac3712daaa0c5b3.exe
- Size
  
  1.5MB
- MD5
  
  ef25ff0d23d8da1b5250fd896896f53e
- SHA1
  
  390d474c015306ebd252978d7dba78720238543b
- SHA256
  
  7406da890d87374ab8f524683aef1c11f201068b95095aa20ac3712daaa0c5b3
- SHA512
  
  976a67d43491a9b81ee04bb9fc80fc2f08c8b4415bbffad50be1a6e67912cb5995cbded04990397df78af785c60bbf89a1d1d0626aca1ec091344293424ea49d
- SSDEEP
  
  49152:FTvC/MTQYxsWR7acyejdjIQl6kX7sXf8n0irmNmSb6HCjsZ:pjTQYxsWR5yejdjIQl6kX7sXf8nzrm8l
Score

10^/10

azorult collection infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultcollectioninfostealerspywarestealertrojan

behavioral2

azorultcollectioninfostealerspywarestealertrojan