azorult | cf3a678f3a2cca630df4ef320da6304fa9687ab6796a9ab5e5bf9ddac42c25b6 | Triage

Submit
Reports

Overview

overview

Static

static

5

9845b60b2b...cs.exe

windows7-x64

9845b60b2b...cs.exe

windows10-2004-x64

Sharing

General

Target

9845b60b2b956753153eac331f9ec660_NeikiAnalytics
Size

1.2MB
Sample

240511-hqd76sef76
MD5

9845b60b2b956753153eac331f9ec660
SHA1

e13542dbdba26c6de082e701ec811c46c7b75715
SHA256

cf3a678f3a2cca630df4ef320da6304fa9687ab6796a9ab5e5bf9ddac42c25b6
SHA512

e8b88f0ac8ee3f6414b9833522d5fc3b9a6c37f014753b1762dc72d4650198a669c5ac6f30ba8ada1d6c734e508930f0db6ad8eae1527fa5be71bfcadce35dd7
SSDEEP

24576:mu6J33O0c+JY5UZ+XC0kGsoTGcK7YBaPymUi63i62xHLVFvtWYeM:ou0c++OCvkGsEGcK8BufT5LVuYT

Score

10^/10

azorult infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9845b60b2b956753153eac331f9ec660_NeikiAnalytics.exe

Resource

win7-20240215-en

azorult infostealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9845b60b2b956753153eac331f9ec660_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

azorult infostealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

- Target
  
  9845b60b2b956753153eac331f9ec660_NeikiAnalytics
- Size
  
  1.2MB
- MD5
  
  9845b60b2b956753153eac331f9ec660
- SHA1
  
  e13542dbdba26c6de082e701ec811c46c7b75715
- SHA256
  
  cf3a678f3a2cca630df4ef320da6304fa9687ab6796a9ab5e5bf9ddac42c25b6
- SHA512
  
  e8b88f0ac8ee3f6414b9833522d5fc3b9a6c37f014753b1762dc72d4650198a669c5ac6f30ba8ada1d6c734e508930f0db6ad8eae1527fa5be71bfcadce35dd7
- SSDEEP
  
  24576:mu6J33O0c+JY5UZ+XC0kGsoTGcK7YBaPymUi63i62xHLVFvtWYeM:ou0c++OCvkGsEGcK8BufT5LVuYT
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan

© 2018-2024

Terms | Privacy