azorult | 0147514d04314f006782504bcb3a831116bd25f6189e011ae21deb97933cb4d4 | Triage

Submit
Reports

Overview

overview

Static

static

0147514d04...d4.exe

windows7-x64

0147514d04...d4.exe

windows10-2004-x64

Sharing

General

Target

0147514d04314f006782504bcb3a831116bd25f6189e011ae21deb97933cb4d4
Size

721KB
Sample

240406-wp566aff63
MD5

a06bd60bc70441dafc0af0ca27c48fae
SHA1

b53edc999399d707b113af9fd25b97e4db62c927
SHA256

0147514d04314f006782504bcb3a831116bd25f6189e011ae21deb97933cb4d4
SHA512

8281e8d81a2c286daa5bd86db05ccd36ba0744af6126c9e1e0e24f63c32c69c919d2e62d04a802b8ced4de803d6d58de88e7981811f29b6a0fbbbd7791a1547c
SSDEEP

12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75r:arl6kD68JmloO7TdNaPymUi63i62xHL3

Score

10^/10

azorult infostealer trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

0147514d04314f006782504bcb3a831116bd25f6189e011ae21deb97933cb4d4.exe

Resource

win7-20240221-en

azorult infostealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0147514d04314f006782504bcb3a831116bd25f6189e011ae21deb97933cb4d4.exe

Resource

win10v2004-20240226-en

azorult infostealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

- Target
  
  0147514d04314f006782504bcb3a831116bd25f6189e011ae21deb97933cb4d4
- Size
  
  721KB
- MD5
  
  a06bd60bc70441dafc0af0ca27c48fae
- SHA1
  
  b53edc999399d707b113af9fd25b97e4db62c927
- SHA256
  
  0147514d04314f006782504bcb3a831116bd25f6189e011ae21deb97933cb4d4
- SHA512
  
  8281e8d81a2c286daa5bd86db05ccd36ba0744af6126c9e1e0e24f63c32c69c919d2e62d04a802b8ced4de803d6d58de88e7981811f29b6a0fbbbd7791a1547c
- SSDEEP
  
  12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75r:arl6kD68JmloO7TdNaPymUi63i62xHL3
Score

10^/10

azorult infostealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultinfostealertrojanupx

behavioral2

azorultinfostealertrojanupx

© 2018-2024

Terms | Privacy