azorult | 1f0c1a7137256bfc32d674d2c79e52b7979397e5c07de43534907b0772ed7244 | Triage

Sharing

General

Target

7307ca25676cc003ca854b355801df70_JaffaCakes118
Size

1.1MB
Sample

240525-ybgyhsff5z
MD5

7307ca25676cc003ca854b355801df70
SHA1

5a9ac8665ddbd9ee42df49c037c99b19f35785a9
SHA256

1f0c1a7137256bfc32d674d2c79e52b7979397e5c07de43534907b0772ed7244
SHA512

da0cf55e253885a8b22fdf3497f267e72657df867cc7bba7d3eb7fce7657c15efd668a9ef3d0748d21a5adde35fa54a071a1b67d788663552a350e2a6e94469c
SSDEEP

24576:FdHPXnvcC964ukjOs1iq8ZqI1IT96tenq9yUv0O:F9vvM4sHq9QaqkQ

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://104.233.105.159/0/d3vid3/index.php

Targets

- Target
  
  7307ca25676cc003ca854b355801df70_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  7307ca25676cc003ca854b355801df70
- SHA1
  
  5a9ac8665ddbd9ee42df49c037c99b19f35785a9
- SHA256
  
  1f0c1a7137256bfc32d674d2c79e52b7979397e5c07de43534907b0772ed7244
- SHA512
  
  da0cf55e253885a8b22fdf3497f267e72657df867cc7bba7d3eb7fce7657c15efd668a9ef3d0748d21a5adde35fa54a071a1b67d788663552a350e2a6e94469c
- SSDEEP
  
  24576:FdHPXnvcC964ukjOs1iq8ZqI1IT96tenq9yUv0O:F9vvM4sHq9QaqkQ
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan