azorult | 0a69f9f5ab368e4621a53fdc4cd5acc32db83ece9f9325178b37dffc7300937f | Triage

Sharing

General

Target

0e526919b83581c4d4e6dfc9b0718723_JaffaCakes118
Size

1.1MB
Sample

240502-m73z3shf33
MD5

0e526919b83581c4d4e6dfc9b0718723
SHA1

851980ab9095f75b9dac0f171100e3aa43104c72
SHA256

0a69f9f5ab368e4621a53fdc4cd5acc32db83ece9f9325178b37dffc7300937f
SHA512

f01a00c668d45741430d615264dc47906a86b8b2a8d18a7fdd1cc595c1f9ef670a3c3f124a2f089f74552b8bed52638a6b0c891ff23aeea5788bc3e0df6c6214
SSDEEP

24576:FdHPXnvcC964ukjOs1iq8ZqI1IT96t2eThWbsAn:F9vvM4sHq9QIAC

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Targets

- Target
  
  0e526919b83581c4d4e6dfc9b0718723_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  0e526919b83581c4d4e6dfc9b0718723
- SHA1
  
  851980ab9095f75b9dac0f171100e3aa43104c72
- SHA256
  
  0a69f9f5ab368e4621a53fdc4cd5acc32db83ece9f9325178b37dffc7300937f
- SHA512
  
  f01a00c668d45741430d615264dc47906a86b8b2a8d18a7fdd1cc595c1f9ef670a3c3f124a2f089f74552b8bed52638a6b0c891ff23aeea5788bc3e0df6c6214
- SSDEEP
  
  24576:FdHPXnvcC964ukjOs1iq8ZqI1IT96t2eThWbsAn:F9vvM4sHq9QIAC
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan