azorult | 1f8ab348af6cbbe737f5831fd3ff5c1313615ef3c15313e42ca6688ece4a7627 | Triage

Sharing

General

Target

3512d08a932b4b8d6ccdc259def8e064_JaffaCakes118
Size

690KB
Sample

240511-ryt32aeg39
MD5

3512d08a932b4b8d6ccdc259def8e064
SHA1

420113523781f62428aeb556c35e75da69292177
SHA256

1f8ab348af6cbbe737f5831fd3ff5c1313615ef3c15313e42ca6688ece4a7627
SHA512

c9bdc77688746f62b88a98d88603cdfb7ee63d618368493a39f839c766ee1d2d8c1fc0ab313440491ef30369705c8c10e864c274fba708477c79fcc7910cfece
SSDEEP

12288:Zb7wrmUJeglq/0PwSF0/46I4jlkt4hTF0yhHMLju7Jrn6dYCY3kS5+ZRUk+/KKbw:Zb7wrPJ7lqcY9PJktcp0sz7d+YCYzcEM

Score

10^/10

azorult execution infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://www.brasond.tech/eddy/Panel/index.php

Targets

- Target
  
  3512d08a932b4b8d6ccdc259def8e064_JaffaCakes118
- Size
  
  690KB
- MD5
  
  3512d08a932b4b8d6ccdc259def8e064
- SHA1
  
  420113523781f62428aeb556c35e75da69292177
- SHA256
  
  1f8ab348af6cbbe737f5831fd3ff5c1313615ef3c15313e42ca6688ece4a7627
- SHA512
  
  c9bdc77688746f62b88a98d88603cdfb7ee63d618368493a39f839c766ee1d2d8c1fc0ab313440491ef30369705c8c10e864c274fba708477c79fcc7910cfece
- SSDEEP
  
  12288:Zb7wrmUJeglq/0PwSF0/46I4jlkt4hTF0yhHMLju7Jrn6dYCY3kS5+ZRUk+/KKbw:Zb7wrPJ7lqcY9PJktcp0sz7d+YCYzcEM
Score

10^/10

execution azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

azorultexecutioninfostealertrojan