azorult | 5bf6aa06e097882d54af8a0c43646e1d41379a1ffea8e1db8c6a580d9631f570 | Triage

Sharing

General

Target

65155eda022fd171ab983097f2bbe924_JaffaCakes118
Size

1.1MB
Sample

240521-2xp3ssda3z
MD5

65155eda022fd171ab983097f2bbe924
SHA1

687d17dccfa13cb5534c1f6729e28cde6e03bcb8
SHA256

5bf6aa06e097882d54af8a0c43646e1d41379a1ffea8e1db8c6a580d9631f570
SHA512

dd6b0bc869d09287ca662e30569c70f09ddd21e26f239fe06c6ee6e8ccdf0c9842c6206476bf4c1d1b1a0a1f11d11fda90c585a9ab6fa9db12e04135a13939ea
SSDEEP

12288:S3HxvTzdIhHc6s6fvAHL8EIEgCPcuxWlsmP8H7zNA8vF0FBHoGKTilq6S63mMz:S3x3S7s6fvAHa1eWnEb6+O7KGlpqMz

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Targets

- Target
  
  65155eda022fd171ab983097f2bbe924_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  65155eda022fd171ab983097f2bbe924
- SHA1
  
  687d17dccfa13cb5534c1f6729e28cde6e03bcb8
- SHA256
  
  5bf6aa06e097882d54af8a0c43646e1d41379a1ffea8e1db8c6a580d9631f570
- SHA512
  
  dd6b0bc869d09287ca662e30569c70f09ddd21e26f239fe06c6ee6e8ccdf0c9842c6206476bf4c1d1b1a0a1f11d11fda90c585a9ab6fa9db12e04135a13939ea
- SSDEEP
  
  12288:S3HxvTzdIhHc6s6fvAHL8EIEgCPcuxWlsmP8H7zNA8vF0FBHoGKTilq6S63mMz:S3x3S7s6fvAHa1eWnEb6+O7KGlpqMz
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan