azorult | d4972e632408d130ac20c21fff113636a07cee0fbb133c713222167e37a661a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

b27a73bf37...37.exe

windows7-x64

b27a73bf37...37.exe

windows10-2004-x64

Sharing

General

Target

b27a73bf37f9c4cc6cb15cc2c33e1437
Size

2.3MB
Sample

240304-sy7vkaeg39
MD5

b27a73bf37f9c4cc6cb15cc2c33e1437
SHA1

ed7e3fcec25ff46faa34761fffeffa386efd4963
SHA256

d4972e632408d130ac20c21fff113636a07cee0fbb133c713222167e37a661a0
SHA512

52cb00876258331053e8a16de27f527a2f7e1d616eef32ef6182b2804d56f2d52eaf4f13cc22819b48ae08b7df1346fbd81635cbe53965a06b94f4775c97c6d3
SSDEEP

49152:N62yDTxuClGJWEszfqA1SC2x608BpRheHVr5K7IRQXv:kxfGcESb1ScPRh2tK7O6v

Score

10^/10

azorult infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b27a73bf37f9c4cc6cb15cc2c33e1437.exe

Resource

win7-20240221-en

azorult infostealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b27a73bf37f9c4cc6cb15cc2c33e1437.exe

Resource

win10v2004-20240226-en

azorult infostealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://ziz.zzz.com.ua/index.php

Targets

- Target
  
  b27a73bf37f9c4cc6cb15cc2c33e1437
- Size
  
  2.3MB
- MD5
  
  b27a73bf37f9c4cc6cb15cc2c33e1437
- SHA1
  
  ed7e3fcec25ff46faa34761fffeffa386efd4963
- SHA256
  
  d4972e632408d130ac20c21fff113636a07cee0fbb133c713222167e37a661a0
- SHA512
  
  52cb00876258331053e8a16de27f527a2f7e1d616eef32ef6182b2804d56f2d52eaf4f13cc22819b48ae08b7df1346fbd81635cbe53965a06b94f4775c97c6d3
- SSDEEP
  
  49152:N62yDTxuClGJWEszfqA1SC2x608BpRheHVr5K7IRQXv:kxfGcESb1ScPRh2tK7O6v
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy