azorult | 73cb1310dc141fee821131f9725c441fb33b22d40d8503863026abdc8789ea58 | Triage

Sharing

General

Target

6e413aa30d77acffd63cda6dadcc8981_JaffaCakes118
Size

322KB
Sample

240524-mxjtfsed47
MD5

6e413aa30d77acffd63cda6dadcc8981
SHA1

1335fcd12449cbed1d9d5be6bab91a835e8088cf
SHA256

73cb1310dc141fee821131f9725c441fb33b22d40d8503863026abdc8789ea58
SHA512

ccef837a19d4bf443bc7e9e4ab128b5797da67c0de4b1b045ef2be5a6b02b0a102021009d91c265fc63168c9c9d727c704837c23cc79b66b69a75e0c1a9f1b94
SSDEEP

6144:0puvcSS69agePDjZ3aLCSMoHPJPSBpS+H+6w7U8F1X/:0EvcSSIerjZKLCboHhqBpS+hSUK

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  6e413aa30d77acffd63cda6dadcc8981_JaffaCakes118
- Size
  
  322KB
- MD5
  
  6e413aa30d77acffd63cda6dadcc8981
- SHA1
  
  1335fcd12449cbed1d9d5be6bab91a835e8088cf
- SHA256
  
  73cb1310dc141fee821131f9725c441fb33b22d40d8503863026abdc8789ea58
- SHA512
  
  ccef837a19d4bf443bc7e9e4ab128b5797da67c0de4b1b045ef2be5a6b02b0a102021009d91c265fc63168c9c9d727c704837c23cc79b66b69a75e0c1a9f1b94
- SSDEEP
  
  6144:0puvcSS69agePDjZ3aLCSMoHPJPSBpS+H+6w7U8F1X/:0EvcSSIerjZKLCboHhqBpS+hSUK
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan