azorult | d358c87cf527ba9f5036d0fa620101d49d526c023187f29a86f3fdb8510263d6 | Triage

Submit
Reports

Overview

overview

Static

static

3

5bd91a97aa...18.exe

windows7-x64

5bd91a97aa...18.exe

windows10-2004-x64

Sharing

General

Target

5bd91a97aa2e10adc9c00c400b50158f_JaffaCakes118
Size

658KB
Sample

240519-2kvgraee78
MD5

5bd91a97aa2e10adc9c00c400b50158f
SHA1

16c2d0132914fe69e2d3bee62bd868f256a1db3a
SHA256

d358c87cf527ba9f5036d0fa620101d49d526c023187f29a86f3fdb8510263d6
SHA512

26c7b202a08e8a18c2a61ee2017b6e696f82649241335863073dd89faa05f31eac187f5d7c540733a6833b7d5ea65ecfbeeb86d9bb1af64a7b9e0a6dbcbbb304
SSDEEP

6144:qIO3wz0Co3sLuwhOAJBGiDZdDn6h60rk8/W7Tr7s5A0fgYXkSByW7huU0:XHpZdOU0rk8qhGgYXh70

Score

10^/10

azorult agilenet infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5bd91a97aa2e10adc9c00c400b50158f_JaffaCakes118.exe

Resource

win7-20231129-en

azorult agilenet infostealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5bd91a97aa2e10adc9c00c400b50158f_JaffaCakes118.exe

Resource

win10v2004-20240426-en

azorult agilenet infostealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://vitani.tk/disk/index.php

Targets

- Target
  
  5bd91a97aa2e10adc9c00c400b50158f_JaffaCakes118
- Size
  
  658KB
- MD5
  
  5bd91a97aa2e10adc9c00c400b50158f
- SHA1
  
  16c2d0132914fe69e2d3bee62bd868f256a1db3a
- SHA256
  
  d358c87cf527ba9f5036d0fa620101d49d526c023187f29a86f3fdb8510263d6
- SHA512
  
  26c7b202a08e8a18c2a61ee2017b6e696f82649241335863073dd89faa05f31eac187f5d7c540733a6833b7d5ea65ecfbeeb86d9bb1af64a7b9e0a6dbcbbb304
- SSDEEP
  
  6144:qIO3wz0Co3sLuwhOAJBGiDZdDn6h60rk8/W7Tr7s5A0fgYXkSByW7huU0:XHpZdOU0rk8qhGgYXh70
Score

10^/10

azorult agilenet infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultagilenetinfostealertrojan

behavioral2

azorultagilenetinfostealertrojan

© 2018-2024

Terms | Privacy