azorult | b6c584f799db3c039ccc12e00fa5ae920e9d245b61c6377c809d500183e7f4c4 | Triage

Submit
Reports

Overview

overview

Static

static

3

89b375b11a...18.exe

windows7-x64

89b375b11a...18.exe

windows10-2004-x64

Sharing

General

Target

89b375b11a22e342b2d3a23fc64fd72f_JaffaCakes118
Size

739KB
Sample

240601-hya6gsde5z
MD5

89b375b11a22e342b2d3a23fc64fd72f
SHA1

361470a327f354d042991d2e05c99b81dd95cee4
SHA256

b6c584f799db3c039ccc12e00fa5ae920e9d245b61c6377c809d500183e7f4c4
SHA512

f6856a8919edcc7f886651a936b1500b5558e90c5f9b475c04d3677acc4885402426d3df586e9133da3cef881e0482485633a0fd46d2fbf38a7f37090c24000b
SSDEEP

6144:oi6GwW89A84mdnI0uKTWlQitmwdPLWIUMExSuKBEUFTLH8Hc:qX/I0FTWlQjwdPL9D9uKBR6

Score

10^/10

azorult agilenet infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

89b375b11a22e342b2d3a23fc64fd72f_JaffaCakes118.exe

Resource

win7-20240508-en

azorult agilenet infostealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

89b375b11a22e342b2d3a23fc64fd72f_JaffaCakes118.exe

Resource

win10v2004-20240426-en

azorult agilenet infostealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

https://losjardinesdejavier.com/admin/32/index.php

Targets

- Target
  
  89b375b11a22e342b2d3a23fc64fd72f_JaffaCakes118
- Size
  
  739KB
- MD5
  
  89b375b11a22e342b2d3a23fc64fd72f
- SHA1
  
  361470a327f354d042991d2e05c99b81dd95cee4
- SHA256
  
  b6c584f799db3c039ccc12e00fa5ae920e9d245b61c6377c809d500183e7f4c4
- SHA512
  
  f6856a8919edcc7f886651a936b1500b5558e90c5f9b475c04d3677acc4885402426d3df586e9133da3cef881e0482485633a0fd46d2fbf38a7f37090c24000b
- SSDEEP
  
  6144:oi6GwW89A84mdnI0uKTWlQitmwdPLWIUMExSuKBEUFTLH8Hc:qX/I0FTWlQjwdPL9D9uKBR6
Score

10^/10

azorult agilenet infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultagilenetinfostealertrojan

behavioral2

azorultagilenetinfostealertrojan

© 2018-2025

Terms | Privacy