azorult | 65e3a9d0eb8768505efa40c73de9c5a1e9b98a845fb72e51454e47a83f9a2698 | Triage

Submit
Reports

Overview

overview

Static

static

7

ed8511aa9b...18.exe

windows7-x64

ed8511aa9b...18.exe

windows10-2004-x64

Sharing

General

Target

ed8511aa9b1b5c225a6a24dcc1c36e13_JaffaCakes118
Size

969KB
Sample

240411-qnfxzsfe5w
MD5

ed8511aa9b1b5c225a6a24dcc1c36e13
SHA1

5ad13c01039a3e4f6826b017fc3dfb43fbf74812
SHA256

65e3a9d0eb8768505efa40c73de9c5a1e9b98a845fb72e51454e47a83f9a2698
SHA512

bcd546d5784905d4ef531bfa64265d132e28b2cbf5d7672cf29a05523221d920a4ea5be47c7992d31c2cd82fb667b9810111eaccbfaf6162ead1681cac0f9f6e
SSDEEP

24576:5EdZ+tSpotEOwX3vEh65V3UPAFmSID0MEQ7zRtm1bGvyJT5W:iMSp8o38Q5V3ULSE0MbXRtMTI

Score

10^/10

azorult infostealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ed8511aa9b1b5c225a6a24dcc1c36e13_JaffaCakes118.exe

Resource

win7-20240221-en

azorult infostealer trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ed8511aa9b1b5c225a6a24dcc1c36e13_JaffaCakes118.exe

Resource

win10v2004-20240226-en

azorult infostealer trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

https://livdecor.pt/work/Panel/index.php

Targets

- Target
  
  ed8511aa9b1b5c225a6a24dcc1c36e13_JaffaCakes118
- Size
  
  969KB
- MD5
  
  ed8511aa9b1b5c225a6a24dcc1c36e13
- SHA1
  
  5ad13c01039a3e4f6826b017fc3dfb43fbf74812
- SHA256
  
  65e3a9d0eb8768505efa40c73de9c5a1e9b98a845fb72e51454e47a83f9a2698
- SHA512
  
  bcd546d5784905d4ef531bfa64265d132e28b2cbf5d7672cf29a05523221d920a4ea5be47c7992d31c2cd82fb667b9810111eaccbfaf6162ead1681cac0f9f6e
- SSDEEP
  
  24576:5EdZ+tSpotEOwX3vEh65V3UPAFmSID0MEQ7zRtm1bGvyJT5W:iMSp8o38Q5V3ULSE0MbXRtMTI
Score

10^/10

azorult infostealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultinfostealertrojanupx

behavioral2

azorultinfostealertrojanupx

© 2018-2024

Terms | Privacy