azorult | 1562364a3048ef8e00720e3bc0c6588ed7a4d8f560c5bdafa5b19503e159a8a8 | Triage

Submit
Reports

Overview

overview

Static

static

1

DRAFT BILL...DF.vbs

windows7-x64

DRAFT BILL...DF.vbs

windows10-2004-x64

Resubmissions

19-03-2024 02:47

240319-c933rafe33 8

12-03-2024 07:14

240312-h2m98abc9z 10

Sharing

General

Target

DRAFT BILL OF LADING.PDF.vbs
Size

27KB
Sample

240312-h2m98abc9z
MD5

8ce482c332e9ec80d47c64edc65b6a70
SHA1

c4ceaf9bf0791068f650f28674f09ac345bdc3cd
SHA256

1562364a3048ef8e00720e3bc0c6588ed7a4d8f560c5bdafa5b19503e159a8a8
SHA512

3471397b056c668363b309fa26374a849e02b3a191a0f4a1ac33f723e8358fda9911faadd9927f65f424e974a3ab6f2c88406bb4880ce88155ab172465126886
SSDEEP

768:4OMHs3w3rf5xGsmKQblBW2MQK/fFXSiP10E:403w3rDTpQZjOSiPD

Score

10^/10

azorult collection infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

DRAFT BILL OF LADING.PDF.vbs

Resource

win7-20240221-en

azorult collection infostealer spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

DRAFT BILL OF LADING.PDF.vbs

Resource

win10v2004-20240226-en

azorult infostealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  DRAFT BILL OF LADING.PDF.vbs
- Size
  
  27KB
- MD5
  
  8ce482c332e9ec80d47c64edc65b6a70
- SHA1
  
  c4ceaf9bf0791068f650f28674f09ac345bdc3cd
- SHA256
  
  1562364a3048ef8e00720e3bc0c6588ed7a4d8f560c5bdafa5b19503e159a8a8
- SHA512
  
  3471397b056c668363b309fa26374a849e02b3a191a0f4a1ac33f723e8358fda9911faadd9927f65f424e974a3ab6f2c88406bb4880ce88155ab172465126886
- SSDEEP
  
  768:4OMHs3w3rf5xGsmKQblBW2MQK/fFXSiP10E:403w3rDTpQZjOSiPD
Score

10^/10

azorult collection infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultcollectioninfostealerspywarestealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy