azorult | cd28fdc0ba5ed24ae7ef0916f835cb8eacaffe2f339da2081edf1de791223ec9 | Triage

Sharing

General

Target

Doc#0001275758.exe
Size

23KB
Sample

240531-jktw4scd42
MD5

707ba46eb0f294c67a804e2602212127
SHA1

db9249fc6afe1b3cf4cf93f0994772c4309a9a95
SHA256

cd28fdc0ba5ed24ae7ef0916f835cb8eacaffe2f339da2081edf1de791223ec9
SHA512

123616aeaba21a7b077628416e574f2bea5113915d1dc33b0b9177bf1c599ef2a4deebdcbd94ad852ba333bb6ef52e462ed3f748b589f535c71b37c89edfe4a4
SSDEEP

384:I353XicKxFQ7jrOKOcRD5WOnYPLpFzDGHJzOFzDGsT8JN77hhQ33:qGxEh5WOEBDGpzOBDGsI3hGH

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://hqt3.shop/DBL841/index.php

Targets

- Target
  
  Doc#0001275758.exe
- Size
  
  23KB
- MD5
  
  707ba46eb0f294c67a804e2602212127
- SHA1
  
  db9249fc6afe1b3cf4cf93f0994772c4309a9a95
- SHA256
  
  cd28fdc0ba5ed24ae7ef0916f835cb8eacaffe2f339da2081edf1de791223ec9
- SHA512
  
  123616aeaba21a7b077628416e574f2bea5113915d1dc33b0b9177bf1c599ef2a4deebdcbd94ad852ba333bb6ef52e462ed3f748b589f535c71b37c89edfe4a4
- SSDEEP
  
  384:I353XicKxFQ7jrOKOcRD5WOnYPLpFzDGHJzOFzDGsT8JN77hhQ33:qGxEh5WOEBDGpzOBDGsI3hGH
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan