azorult | ac521479e4e200f6ce0d7225a5f2c0d1e9d5d6b333240d02cfbfbcfe7dd9dfff | Triage

Submit
Reports

Overview

overview

Static

static

7

9eca20a113...cs.exe

windows7-x64

9eca20a113...cs.exe

windows10-2004-x64

Sharing

General

Target

9eca20a1136b80e16ba2914ec77d7430_NeikiAnalytics
Size

721KB
Sample

240510-h511gshh9y
MD5

9eca20a1136b80e16ba2914ec77d7430
SHA1

ed7da214f5f7e6c780bb17f6fbb050045fbac625
SHA256

ac521479e4e200f6ce0d7225a5f2c0d1e9d5d6b333240d02cfbfbcfe7dd9dfff
SHA512

22a986d77eacc4a5bcfcba22e7a2e397175e0803675be26db3984f4aee7ab1d7a63c2ee76fbeb14d6c0eadc6654f985760c72779de9731629cd115a728fa5917
SSDEEP

12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75G:arl6kD68JmloO7TdNaPymUi63i62xHLC

Score

10^/10

azorult infostealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9eca20a1136b80e16ba2914ec77d7430_NeikiAnalytics.exe

Resource

win7-20240221-en

azorult infostealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9eca20a1136b80e16ba2914ec77d7430_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

azorult infostealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

- Target
  
  9eca20a1136b80e16ba2914ec77d7430_NeikiAnalytics
- Size
  
  721KB
- MD5
  
  9eca20a1136b80e16ba2914ec77d7430
- SHA1
  
  ed7da214f5f7e6c780bb17f6fbb050045fbac625
- SHA256
  
  ac521479e4e200f6ce0d7225a5f2c0d1e9d5d6b333240d02cfbfbcfe7dd9dfff
- SHA512
  
  22a986d77eacc4a5bcfcba22e7a2e397175e0803675be26db3984f4aee7ab1d7a63c2ee76fbeb14d6c0eadc6654f985760c72779de9731629cd115a728fa5917
- SSDEEP
  
  12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi75G:arl6kD68JmloO7TdNaPymUi63i62xHLC
Score

10^/10

azorult infostealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojanupx

behavioral2

azorultinfostealertrojanupx

© 2018-2024

Terms | Privacy