azorult | 79b344cf928f5114ddfe9e46bf7f43ee149d6c0291f7941d992634fc23a947ca | Triage

Submit
Reports

Overview

overview

Static

static

79b344cf92...ca.exe

windows7-x64

79b344cf92...ca.exe

windows10-2004-x64

Sharing

General

Target

79b344cf928f5114ddfe9e46bf7f43ee149d6c0291f7941d992634fc23a947ca
Size

721KB
Sample

240418-3lzcrsbc41
MD5

d2708e525679ee6c32f03f027ae0aa99
SHA1

91eb186d0bf652da682bb9b2d5cf885be94ea8a4
SHA256

79b344cf928f5114ddfe9e46bf7f43ee149d6c0291f7941d992634fc23a947ca
SHA512

0a0e83813244746ba3140ff910180a6140592bb264aac23951dd7ed977e753d9fe510fc2eb38ce2b2e75f6038e047c4a6c03c3649c4b37825390b9475ad5fa75
SSDEEP

12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75s:arl6kD68JmloO7TdNaPymUi63i62xHLg

Score

10^/10

azorult infostealer trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

79b344cf928f5114ddfe9e46bf7f43ee149d6c0291f7941d992634fc23a947ca.exe

Resource

win7-20240221-en

azorult infostealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

79b344cf928f5114ddfe9e46bf7f43ee149d6c0291f7941d992634fc23a947ca.exe

Resource

win10v2004-20240412-en

azorult infostealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

- Target
  
  79b344cf928f5114ddfe9e46bf7f43ee149d6c0291f7941d992634fc23a947ca
- Size
  
  721KB
- MD5
  
  d2708e525679ee6c32f03f027ae0aa99
- SHA1
  
  91eb186d0bf652da682bb9b2d5cf885be94ea8a4
- SHA256
  
  79b344cf928f5114ddfe9e46bf7f43ee149d6c0291f7941d992634fc23a947ca
- SHA512
  
  0a0e83813244746ba3140ff910180a6140592bb264aac23951dd7ed977e753d9fe510fc2eb38ce2b2e75f6038e047c4a6c03c3649c4b37825390b9475ad5fa75
- SSDEEP
  
  12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75s:arl6kD68JmloO7TdNaPymUi63i62xHLg
Score

10^/10

azorult infostealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojanupx

behavioral2

azorultinfostealertrojanupx

© 2018-2025

Terms | Privacy