azorult | 025b5c06132c1891780252ba071f0d115cc9d253a9a5b0a78690607cadf518da | Triage

Sharing

General

Target

43e90d89f0c4349debda10c1c6736152_JaffaCakes118
Size

7.2MB
Sample

240515-bjyjxaab35
MD5

43e90d89f0c4349debda10c1c6736152
SHA1

11b3dc628741b3fb8efb22017903d6118a5e4025
SHA256

025b5c06132c1891780252ba071f0d115cc9d253a9a5b0a78690607cadf518da
SHA512

52116f36fc45bfe68e8ac9fe851a9bf6f6e223bc9be33807da2d372ff38291d89ee6a54d75e9910394d421c4cea48bf1b3f934710c460633ada13e485fd0cdf3
SSDEEP

196608:jrUTMTSK3BF+5encO4QLGJGnLJBtTulr+PW+Vtqh:joIfEex4QLuGjRulrV+VtM

Score

10^/10

azorult evasion infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  BitcoinMixer.exe
- Size
  
  6.9MB
- MD5
  
  5e0f8ee129890445018f0937bada2452
- SHA1
  
  88a50d65ba185a96984c9286fcc273b4be99b77d
- SHA256
  
  89df43e97c76bb3a92c71627b2b2ca932d11a1aca5ee43928a33e0baa210b90c
- SHA512
  
  4f791eb17bf01680884b57ac8c31e16381eef27a75b0edee637a6b7bc29d807b738e87bd42b62f0429d39992e6da8f91d2d13f11da5101a55cdb55e55f82f708
- SSDEEP
  
  196608:d1UYkY97WfXiebiAvbT1XwW+BQpk59iXK73tP:UYX7WfSeOihXwtBQpk5oXK
Score

10^/10

azorult evasion infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  NBug.dll
- Size
  
  177KB
- MD5
  
  2fa1fd12917eb7c2376135f3e4b8211a
- SHA1
  
  3c63ec47c61770df21a8ed93e2bf4c109a8e16c7
- SHA256
  
  5444997b02a2fc3eb48952a4fd20cb552a4c3dfdb236533e5ee2ee0cb388a27a
- SHA512
  
  c7530c53db77c9bb2608fcf59841b0475144124fc5ed21ddc8b1c57db91946ee35e1f9b9a9794538a5826132efed72ab3872f8cef5e40ba4016c7b063f53cb3b
- SSDEEP
  
  3072:rC/dDy/H+vRWTPYNbF2T0SzjbXZzJ0+8M3qSV1saYc5ZeC5NY5/O:rCVDKevRWzYJF2T3zRzJ0+8M3qSZgW
Score

1^/10
behavioral3 behavioral4
- Target
  
  Newtonsoft.Json.dll
- Size
  
  392KB
- MD5
  
  b01e3ef6c82d1f8946fae0c1d1827c70
- SHA1
  
  743b153814771feee5feea5aa87340356940fda3
- SHA256
  
  9dae8dd4f712661186789553831d3aa32165e10c079c81edd3b19fc0e7e389a0
- SHA512
  
  baca07c7d10f39699d758d6e49abbf928f09710ad6da802175f4b325e8a2008e06e1d03766d70afb94b677ff3da8caf63486b58bbff5fea8c85d3b1645588440
- SSDEEP
  
  6144:ZmC0A9a4afvG9/ra4PCio4/mFr0tZDmEaN+bkmSx1W:p0A9daKjayCgEQrvkm1
Score

1^/10
behavioral5 behavioral6
- Target
  
  liblzo2-2.dll
- Size
  
  194KB
- MD5
  
  4f7dd1c75cdb0b8c6e418853430763cd
- SHA1
  
  48951b072a7a1dee1ba86236a9063ae2fa30df2a
- SHA256
  
  17d07f5cf13dd9fb694e7e63eac4fae61e7849231612e3476c1b2499d1cd7e90
- SHA512
  
  348560353eb950d296ab7ba15411c57f0a52d2f8cb1516dc8ff40d405915a1ebeb6fb8c25bc8478a5c751153c8928a39317864beeafc20ab8d2fe66a3c9fa818
- SSDEEP
  
  1536:7D6TnOqMTG0hT0RRfK0TnGKGN3i1V3LjgjZ33pjjjYgZaza3gIAaaaaaaaZgft6k:mmTmIAvKwbdp760Ct21l4n4F3N3
Score

1^/10
behavioral7 behavioral8
- Target
  
  libpkcs11-helper-1.dll
- Size
  
  119KB
- MD5
  
  f578680327346fdc02f8114ce115cfd9
- SHA1
  
  72aae63493059156931cb5191cbd9c6ef5f1fe46
- SHA256
  
  67947e9f191efc6f229cd7d918eac677d988a1ed266271a7640a01fa3ae7f04f
- SHA512
  
  72aa9c33b3fc109d473bf2a52cefdf290d34297c8999025102431fe9f70f831e0ff4acd69d1afe9205f179658dfecbb8faf5325dfe94c43a8add69c3d521e915
- SSDEEP
  
  3072:36raD6xwYw8wA5Hrefu2ficsegbzr6FFKRxR0QQU7k1TAH1OobTrFZ1EzFP6eCFv:KrKYwt8N5Hrefu6Ngbzr6XKxR0QQU7kG
Score

1^/10
behavioral10 behavioral9
- Target
  
  ssleay32.dll
- Size
  
  360KB
- MD5
  
  3fcde4502cccd7daa80c18a8745e7f49
- SHA1
  
  a6b76b11f3d402306d7466dcba43c914955b79c1
- SHA256
  
  07e0e9f174542fb43c23ed43bb68b6c41ba8d866a5840fe8777d2a6cce7d4b30
- SHA512
  
  f8031877c2d1b410936b47f8fddaf14ef0e17d0e36003601f1d2410c426f6ab38bc723e63bcf76fa94f5d970020ccf3d5e78877d068e50fd977e0af2dd77952c
- SSDEEP
  
  6144:SD8Aip6jv5l/yOyZCj4icFWlgcOZfI5zz9f5s:wBiS5l/yMsqqgs
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultevasioninfostealertrojan

behavioral2

azorultevasioninfostealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12