azorult | 958a147413f8ef9831b35ac364ca6f52b722848873701a7e9354584806d5b870 | Triage

Submit
Reports

Overview

overview

Static

static

5

75bf3bb6bb...18.exe

windows7-x64

75bf3bb6bb...18.exe

windows10-2004-x64

Sharing

General

Target

75bf3bb6bbfcecacec371c5c954dd5b0_JaffaCakes118
Size

7.5MB
Sample

240526-rjckfahh32
MD5

75bf3bb6bbfcecacec371c5c954dd5b0
SHA1

f6ad6bd9fabb5036b58a52d64eaf71e7c6b2d30d
SHA256

958a147413f8ef9831b35ac364ca6f52b722848873701a7e9354584806d5b870
SHA512

a2d517882ba4875f501a5dc8ee0e6fe116c8c77b9fecd697cee6271d226ae214146630ba187c66fcfdf2f5563645e0f4d971b9fb8e2efa3bf5a0d4db4ec2a15d
SSDEEP

196608:cCK6hIdB4LC4BgRexpA4O1Xq7pZIBVIAg26FsluEMC/WpsvkCesIGe:XTo4m4iwg/qfDLKEC/WSvkCeHF

Score

10^/10

azorult discovery evasion infostealer persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

75bf3bb6bbfcecacec371c5c954dd5b0_JaffaCakes118.exe

Resource

win7-20240221-en

azorult discovery evasion infostealer persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

75bf3bb6bbfcecacec371c5c954dd5b0_JaffaCakes118.exe

Resource

win10v2004-20240508-en

azorult discovery evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://softopia.icu/aaa/index.php

Targets

- Target
  
  75bf3bb6bbfcecacec371c5c954dd5b0_JaffaCakes118
- Size
  
  7.5MB
- MD5
  
  75bf3bb6bbfcecacec371c5c954dd5b0
- SHA1
  
  f6ad6bd9fabb5036b58a52d64eaf71e7c6b2d30d
- SHA256
  
  958a147413f8ef9831b35ac364ca6f52b722848873701a7e9354584806d5b870
- SHA512
  
  a2d517882ba4875f501a5dc8ee0e6fe116c8c77b9fecd697cee6271d226ae214146630ba187c66fcfdf2f5563645e0f4d971b9fb8e2efa3bf5a0d4db4ec2a15d
- SSDEEP
  
  196608:cCK6hIdB4LC4BgRexpA4O1Xq7pZIBVIAg26FsluEMC/WpsvkCesIGe:XTo4m4iwg/qfDLKEC/WSvkCeHF
Score

10^/10

azorult discovery evasion infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryevasioninfostealerpersistencetrojan

behavioral2

azorultdiscoveryevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy