azorult | ab0d63c8771c54d27d188801503ba53f167ff663fe88213383aa1dd936584e83 | Triage

Submit
Reports

Overview

overview

Static

static

7

0a69caa557...cs.exe

windows7-x64

0a69caa557...cs.exe

windows10-2004-x64

Sharing

General

Target

0a69caa5575d234efa661ba620083b60_NeikiAnalytics.exe
Size

721KB
Sample

240526-21kmgsgc28
MD5

0a69caa5575d234efa661ba620083b60
SHA1

e3c08ad26a2415ab8203f24bde02b5694db64867
SHA256

ab0d63c8771c54d27d188801503ba53f167ff663fe88213383aa1dd936584e83
SHA512

07c393b7f65bc182cbeeba806ff97644e5042f6fbd696519077f59bfe6a50589db9a3916c0dda7f30ca1131f12206379f2cf920d83597668c8206bdd58e8e5b2
SSDEEP

12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi751:arl6kD68JmloO7TdNaPymUi63i62xHLp

Score

10^/10

azorult infostealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0a69caa5575d234efa661ba620083b60_NeikiAnalytics.exe

Resource

win7-20240419-en

azorult infostealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a69caa5575d234efa661ba620083b60_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

azorult infostealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://185.79.156.23/j0n0/index.php

Targets

- Target
  
  0a69caa5575d234efa661ba620083b60_NeikiAnalytics.exe
- Size
  
  721KB
- MD5
  
  0a69caa5575d234efa661ba620083b60
- SHA1
  
  e3c08ad26a2415ab8203f24bde02b5694db64867
- SHA256
  
  ab0d63c8771c54d27d188801503ba53f167ff663fe88213383aa1dd936584e83
- SHA512
  
  07c393b7f65bc182cbeeba806ff97644e5042f6fbd696519077f59bfe6a50589db9a3916c0dda7f30ca1131f12206379f2cf920d83597668c8206bdd58e8e5b2
- SSDEEP
  
  12288:DquErHF6xC9D6DmR1J98w4oknqOKw/zTd1RVaHvymUi6rjXrm62iU952aLovi751:arl6kD68JmloO7TdNaPymUi63i62xHLp
Score

10^/10

azorult infostealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultinfostealertrojanupx

behavioral2

azorultinfostealertrojanupx

© 2018-2024

Terms | Privacy