azorult | 6767b6974e104025cac4ace55ca70580b8d838415900be85b6c193efc79921a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

7771ce67a7...18.exe

windows7-x64

7771ce67a7...18.exe

windows10-2004-x64

Sharing

General

Target

7771ce67a7aa0ee47ad060f63521acac_JaffaCakes118
Size

316KB
Sample

240527-bpph7aca83
MD5

7771ce67a7aa0ee47ad060f63521acac
SHA1

94571c6299a8bb7a18e374665ff71bcdf7277fc6
SHA256

6767b6974e104025cac4ace55ca70580b8d838415900be85b6c193efc79921a4
SHA512

182447af45201bbe1899eb179bd7cd1b57c9f6da69c31bc17415ed4263cc22b69b036e3c920b833d45fe5b1e0b7b366415b62a74521306d2fc91ce354ae65c10
SSDEEP

6144:B1uVvfHP8RYF2Iy3D9oWAoQMgjQwxvRADbYTexZIQcupxlbB4Q6HjwznIB43tGLO:BivfHPio2Iy5jA1mwe/xOQcud8Ic43th

Score

10^/10

azorult agilenet infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7771ce67a7aa0ee47ad060f63521acac_JaffaCakes118.exe

Resource

win7-20240215-en

azorult agilenet infostealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7771ce67a7aa0ee47ad060f63521acac_JaffaCakes118.exe

Resource

win10v2004-20240508-en

azorult agilenet infostealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://cashouts.tk/index.php

Targets

- Target
  
  7771ce67a7aa0ee47ad060f63521acac_JaffaCakes118
- Size
  
  316KB
- MD5
  
  7771ce67a7aa0ee47ad060f63521acac
- SHA1
  
  94571c6299a8bb7a18e374665ff71bcdf7277fc6
- SHA256
  
  6767b6974e104025cac4ace55ca70580b8d838415900be85b6c193efc79921a4
- SHA512
  
  182447af45201bbe1899eb179bd7cd1b57c9f6da69c31bc17415ed4263cc22b69b036e3c920b833d45fe5b1e0b7b366415b62a74521306d2fc91ce354ae65c10
- SSDEEP
  
  6144:B1uVvfHP8RYF2Iy3D9oWAoQMgjQwxvRADbYTexZIQcupxlbB4Q6HjwznIB43tGLO:BivfHPio2Iy5jA1mwe/xOQcud8Ic43th
Score

10^/10

azorult agilenet infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultagilenetinfostealertrojan

behavioral2

azorultagilenetinfostealertrojan

© 2018-2024

Terms | Privacy