azorult | eecdc674c9e86dd45fc485b0f25829367eb2e805c920d746682c16636819f7cb | Triage

Sharing

General

Target

58685083b698610e970f5b0766517eb0_JaffaCakes118
Size

1.1MB
Sample

240519-edy52agh9v
MD5

58685083b698610e970f5b0766517eb0
SHA1

d3f7173e3dbedd99482ff58f42f44a978d9761e6
SHA256

eecdc674c9e86dd45fc485b0f25829367eb2e805c920d746682c16636819f7cb
SHA512

11b7af2da51ae084027f3eed3e282d023660fcd8ee9daf224ad54e77053cb9910c8cc63bc408ce2f4f5c6c92662e99aab536c29c0833e267a060e4d4e285051a
SSDEEP

12288:tf9hv84Qe79qQOOThLWHNsmtqxfjFSgxLK6nLyXpy41fwzjAEaYT1f9mgs8+3Rfs:t0OD3ThLWHKm4xBZxRnZ7AVYTmJrjpt

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://kamyn9ka.com/server/gate.php

Targets

- Target
  
  58685083b698610e970f5b0766517eb0_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  58685083b698610e970f5b0766517eb0
- SHA1
  
  d3f7173e3dbedd99482ff58f42f44a978d9761e6
- SHA256
  
  eecdc674c9e86dd45fc485b0f25829367eb2e805c920d746682c16636819f7cb
- SHA512
  
  11b7af2da51ae084027f3eed3e282d023660fcd8ee9daf224ad54e77053cb9910c8cc63bc408ce2f4f5c6c92662e99aab536c29c0833e267a060e4d4e285051a
- SSDEEP
  
  12288:tf9hv84Qe79qQOOThLWHNsmtqxfjFSgxLK6nLyXpy41fwzjAEaYT1f9mgs8+3Rfs:t0OD3ThLWHKm4xBZxRnZ7AVYTmJrjpt
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan