azorult | ee305a8295212f8a8f7eda9590a1f498ef3ec064a8bcd4bbc4df9383ea5b4b37 | Triage

Sharing

General

Target

4220268b4611786e1976ab4f4bd83e4d_JaffaCakes118
Size

696KB
Sample

240514-tpw75sec99
MD5

4220268b4611786e1976ab4f4bd83e4d
SHA1

cfc2db4e404aff6bbc25ca1a8f9072b49d96e675
SHA256

ee305a8295212f8a8f7eda9590a1f498ef3ec064a8bcd4bbc4df9383ea5b4b37
SHA512

5a406e871e3c9a2968604cfd0ab4c9bcaaa46d8a5fe309d26b178779394410b292c0378334b70ea2450f506d6e0e53be10e9166ff8143e388d9165c361f7f6bc
SSDEEP

12288:TX7EGpv5pV1Kf/vd8I03XB/RibPuquJksvG5nwQLQu9BtJxbXsbm:THv1m/vd8I03sEre19Btjbcbm

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://doueven.click/nonono/gegejokoew.php

Targets

- Target
  
  4220268b4611786e1976ab4f4bd83e4d_JaffaCakes118
- Size
  
  696KB
- MD5
  
  4220268b4611786e1976ab4f4bd83e4d
- SHA1
  
  cfc2db4e404aff6bbc25ca1a8f9072b49d96e675
- SHA256
  
  ee305a8295212f8a8f7eda9590a1f498ef3ec064a8bcd4bbc4df9383ea5b4b37
- SHA512
  
  5a406e871e3c9a2968604cfd0ab4c9bcaaa46d8a5fe309d26b178779394410b292c0378334b70ea2450f506d6e0e53be10e9166ff8143e388d9165c361f7f6bc
- SSDEEP
  
  12288:TX7EGpv5pV1Kf/vd8I03XB/RibPuquJksvG5nwQLQu9BtJxbXsbm:THv1m/vd8I03sEre19Btjbcbm
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan