azorult

General

Target

30462aa7a4bc20844671000903b5f4fc_JaffaCakes118
Size

1.4MB
Sample

240330-brtkxsef67
MD5

30462aa7a4bc20844671000903b5f4fc
SHA1

929b843e6e2d10d699fd8fb862ec681003cb9f91
SHA256

3a667485b1ccba134ee637aab2caf19d9d2dca135e259cac62b38fca0fa1acfc
SHA512

5c12e78d89e5c561a823b7bdee268f5a5fb283c9cbb9ca017fa631dee45a2229b1e9d72ef34ce3379653871812e11b1b5cf2dd65ca4793f2ddea27c1462870cf
SSDEEP

24576:hdqTdTKk1bTXjVBs8quKJDSg3uDZBMkMWjrAsGeDrbgrA1Sj1CPdKfByVYxq8aMx:HYZX3aSg+dBgaNGkAUwj0PAyz8aMS9Hy

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://cupononline.pk/index.php

Targets

- Target
  
  PTSans._exe_
- Size
  
  552KB
- MD5
  
  88cab3e01e7d2274dd56a8d4b605cafb
- SHA1
  
  d78df20a64aecb448521975d88360e5c9392cf2c
- SHA256
  
  270ccfd9fa5927e0dd36355f13d51ea5af5fe643c3cf22f374ca60ce6a73b7a5
- SHA512
  
  01ad52674350a68c461f284912a654514ca28fbf77cf1d99711e0df38e571fbca3d186f7ae0cfcf62fca135a09af6ecec481df014702605d07a8a542e39578d0
- SSDEEP
  
  12288:dh1Lk70TnvjcDXVrpUGT+PgTQ7761bPXdlzbNQ8qd:Zk70TrcDZvTs61bPXjzBQ8qd
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  sserv._jpg_
- Size
  
  1.4MB
- MD5
  
  4c6f64715df65201b347a48ac66d3daa
- SHA1
  
  2c4ff72e0f17af6dad7146a2f9de06e1187e0b69
- SHA256
  
  414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
- SHA512
  
  64b3b78a5a22eac66ad73954870e8beb620815735b6c3554c65965c913679d0d78fdc9d5403038101ed1f8a6934cff8377ade62985c839d3ff980a15d1392e6d
- SSDEEP
  
  24576:AcH4RyUdH474qoYqDDBfdcxVrGpw+yf2fJala9wth/j9O/1:jgh4sqoYiDge3o2xaASZMd
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4