azorult | cdae5c24bd6813de0e0c71748062db520bb43ab16a1995e9de684e2ededa9cae | Triage

Sharing

General

Target

1bdf4969e039dce5e33bc0322e5cea21_JaffaCakes118
Size

309KB
Sample

240506-lky7yaah79
MD5

1bdf4969e039dce5e33bc0322e5cea21
SHA1

db9d0b421d01228f35154c52ee486390c9ae30af
SHA256

cdae5c24bd6813de0e0c71748062db520bb43ab16a1995e9de684e2ededa9cae
SHA512

4823d9b379e1a0288fa3617527584ce4d5061ff33faf358527248bf311b230c54b594718675145a2f1266f3b03de55cf0cb210198623a7039211df4c93c9e827
SSDEEP

6144:JPCganNQkFxNN+89pM2f6nqyDglKGZrwmDkRSsD827eHOld:Han6kFMMpzf6mjZkcsD8oCOld

Score

10^/10

azorult execution infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://sinomatics.ga/~zadmin/lk/a/az/ch/index.php

Targets

- Target
  
  1bdf4969e039dce5e33bc0322e5cea21_JaffaCakes118
- Size
  
  309KB
- MD5
  
  1bdf4969e039dce5e33bc0322e5cea21
- SHA1
  
  db9d0b421d01228f35154c52ee486390c9ae30af
- SHA256
  
  cdae5c24bd6813de0e0c71748062db520bb43ab16a1995e9de684e2ededa9cae
- SHA512
  
  4823d9b379e1a0288fa3617527584ce4d5061ff33faf358527248bf311b230c54b594718675145a2f1266f3b03de55cf0cb210198623a7039211df4c93c9e827
- SSDEEP
  
  6144:JPCganNQkFxNN+89pM2f6nqyDglKGZrwmDkRSsD827eHOld:Han6kFMMpzf6mjZkcsD8oCOld
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $APPDATA/yonetici/agent/ht/ZipExeStub.exe
- Size
  
  26KB
- MD5
  
  69aa866258d8c730bf1feffeabe57fa5
- SHA1
  
  b4a895c279b6900e60cb5e90cdd5a6e9b79828af
- SHA256
  
  0e1d1b6545d1162c755e0b22c97dfd337dfc64fb8791704a93c84d448b44511f
- SHA512
  
  faf62cd96aacf1a94d4e893e4ecad9f494ecc61f548f0b955f3f47405696c6b1ccaac4a3b57dd9a56cbf0db81b64a36c55fce31a983a26be5a66d41c9b1ed5a1
- SSDEEP
  
  384:BsJQbkxQ7ECMcxIHe7g6ihJSxUCR1rgCPKabK2t0X5P7DZ+uelWLwWfLCcMe/oTC:BsJQb9Mcxqe7FRJBOtL3d/o+
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/yonetici/agent/ht/vcdeployui.dll
- Size
  
  10KB
- MD5
  
  86e8573da0da08bc5801eeb05722b900
- SHA1
  
  9df15367a068e8f16bea5b098c1bc5ab0fe8f816
- SHA256
  
  116d2a7b1c04779dc774f9012dff83f01cc4905bfce0e745c1e6f1b469b445a2
- SHA512
  
  bcb449de7aac0e68802868948344f57d7113eb16209ac8d2b5fd68f387c21998748763e34bc15cfb2ea3d9b09df4379eeac9b7651064a633d09d2ae6befaa724
- SSDEEP
  
  96:yOKkWxHSIWPpJG4yQMsn+WT74+olgDS8zlzcWmzIBTCT5o4nzkInvzUiPjP7TPmP:hWxyIWRIx+4+Yu7RS/I1vIQG
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  1f56d9c34643cc8033ec8e628df11cfb
- SHA1
  
  1231b571a298c16a1f618799fc7d20b72ccb2747
- SHA256
  
  c1593d641b89c8cf294ce4efeaea5d0a69b095f04947ecdabbef73d3225d3480
- SHA512
  
  a0c80e6f5c4aa6f34b601951033b709944d3522a6faefad11d9d8f1b4398d379d4e5618029c8134204f344e8a71bfff4e19c2d6693f2119ffd05e67dd9148d24
- SSDEEP
  
  96:8eU0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqkfnLiEQjJ3KxkP:tGBfjbUA/85q3wEh8uLm2LpmP
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0063d48afe5a0cdc02833145667b6641
- SHA1
  
  e7eb614805d183ecb1127c62decb1a6be1b4f7a8
- SHA256
  
  ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
- SHA512
  
  71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
- SSDEEP
  
  192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6e64e5d5f9498058a300b26b8741d9d5
- SHA1
  
  837ce28e5e02788da63a7f1d8f20207d2b0bf523
- SHA256
  
  8d4b1c275fd1cd0782a265080b56d1aec8d1c93edca5ef3b050d1d20d7b61f33
- SHA512
  
  f53514d36021d79f85df2494d403f03589b3ad848889b9224f962cc932ef740f127131a914c7171ad8136ca1ef631285ea1c80576db18ccf8ea56940eb00ea1e
- SSDEEP
  
  96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  293165db1e46070410b4209519e67494
- SHA1
  
  777b96a4f74b6c34d43a4e7c7e656757d1c97f01
- SHA256
  
  49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a
- SHA512
  
  97012139f2da5868fe8731c0b0bcb3cfda29ed10c2e6e2336b504480c9cd9fb8f4728cca23f1e0bd577d75daa542e59f94d1d341f4e8aaeebc7134bf61288c19
- SSDEEP
  
  96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
Score

3^/10
behavioral13 behavioral14
- Target
  
  $TEMP/Moustache.dll
- Size
  
  41KB
- MD5
  
  5e68491fc9296f4067d397093f25e8f4
- SHA1
  
  0447a8247227fc3a12c7b9cd24cf5717f6ea8ec0
- SHA256
  
  47b284c8cea5f056b17bed41e272d0d61d70a169d3366a53104435bb393c1e89
- SHA512
  
  4a4d6f5c81f0f161e4d70fe221192f665084e1625ba35aa052a81c6c06c706d29c920066289b948998fecd8863d799f3d33be5f850e416d47bf6be0683215b7e
- SSDEEP
  
  768:3wmqf3FVwBf7uQpwukQRhsOaGnTEDE3vyS12wfpVDt4t:3wFTwBju3LQvNSS1rfpTw
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Suspicious use of SetThreadContext
behavioral15 behavioral16
- Target
  
  $TEMP/Priggery
- Size
  
  152KB
- MD5
  
  2031ea3cee9b7431f69556ba0251ab1b
- SHA1
  
  039305aa0d18520f771a5948bb95328c8c6555a3
- SHA256
  
  b1492e905ce4d71e63ef5a2fbaf69e5e8ccb19577631c88facb6b4231381fc56
- SHA512
  
  61fa6de1251578a816f9905e9b9066995d1e60b74d82c01a058f43ad1ffe374510fec8c8e850f2fdfdb619963d6550bc85ca035e3da4148f97ae614de3490720
- SSDEEP
  
  3072:q+efVvq6M1p1PCsKGZdrm9gnRBn67QVeJHxS1ONSV4s:qXy6MBlKGZVwmD0RSsNzs
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  $TEMP/go/25.opends60.dll
- Size
  
  44B
- MD5
  
  09537416318f379396bddbc18046de39
- SHA1
  
  dc6111549ff49afa587425603cc0c545b034b988
- SHA256
  
  b407fe7ddcc7303ef167873a6498e8ebd771e9b4b432ad0a458a029574ca6afd
- SHA512
  
  20b9ab08d3e940d687404436e2d6c8b4c1a9121987382c6253d7d93fc2b556fb8780742af08d8b73e4d50ea9b23d2e62298669650df60ed38e6f23c5c0155619
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/go/35.opends60.dll
- Size
  
  57B
- MD5
  
  b330e04d27f2b76246c9401bb9df8405
- SHA1
  
  fea5928cf1704d14ee717bb703c65aedfb194751
- SHA256
  
  99e399e564c46308a2ec22a427f5338433a820c09ff559c8f6488be9199ed1ad
- SHA512
  
  b07555fa3fb5e11e91583c28922f5a59f09e0cc8244b3bc5e62cfc231cd4a4da080f0653d404ca9a8ab332f61e393ed17235858e84dca0578f8ae51e9b5f30a9
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/go/pidgen.dll
- Size
  
  39KB
- MD5
  
  d6daa21229600584d00093df481c921f
- SHA1
  
  a0848216ed5ddf3945938de79c746ce7424c30aa
- SHA256
  
  888f6c10d62ba7470fb457f054769e24a35edb86a3144214113b5a6472b0332f
- SHA512
  
  d0cd6370ee5bb8daad4f07a63bb16554a723ee0959bff447b0b67c41bb3f32404d1ba2eb219679498a55ea63204584f5c2fb2ae466c3d0654fa0e118069b06fa
- SSDEEP
  
  768:WGDpZQyMVVIDR4fUB+9RtYknN5EQmlCHhrBPsx1H9xllMGCacV:WGDn4KDOMET97ax1rcV
Score

3^/10
behavioral23 behavioral24
- Target
  
  $TEMP/uninst.exe
- Size
  
  50KB
- MD5
  
  e98ac0b9c5264d56d7a69dbf4fb82f28
- SHA1
  
  3ffadf822494ba1b63bd10872dc4ee5dc80e18b4
- SHA256
  
  6b85e8131032b744d7ff79cf934309a5bb79f527db50d58fd70ccdd4379c683f
- SHA512
  
  94edb6485ece8890124f612b71db83a0287e306e2796a537a25cb4df5c3fdcd3b56f1a5afb11c877a5825793572ebb1728323e7c20c629dff6c73784287f17d9
- SSDEEP
  
  1536:AsHllqRxeiMfvHSlzchN0MF0DBwwcZgdLeAyN/SDR:JPqRxga51PDBfcZceARN
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

azorultinfostealertrojan

behavioral16

azorultinfostealertrojan

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26