azorult | 2f44a85e551b92871c892d9ff098673868e5a61b157a722e47e505c835549f09 | Triage

Sharing

General

Target

af6f2dab0c8b2798717dd76b0707e696_JaffaCakes118
Size

1.2MB
Sample

240615-vedtgs1gmj
MD5

af6f2dab0c8b2798717dd76b0707e696
SHA1

b9deca68056c397d246804f9bb0bae594411daa8
SHA256

2f44a85e551b92871c892d9ff098673868e5a61b157a722e47e505c835549f09
SHA512

02557b50b39ae73fc19401dfd5c37cf2d25a6f0dfdabfd2501f4626b1ae513c2a633bd5bdd94985443dabc3561dbcf56bdfc070fa8beb570fff4f9ee53dd35b9
SSDEEP

24576:6AHnh+eWsN3skA4RV1Hom2KXMmHaHp6HtOJfRe5p:Nh+ZkldoPK8YaHpop

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://charle03.testok.testforhost.com/index.php

Targets

- Target
  
  af6f2dab0c8b2798717dd76b0707e696_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  af6f2dab0c8b2798717dd76b0707e696
- SHA1
  
  b9deca68056c397d246804f9bb0bae594411daa8
- SHA256
  
  2f44a85e551b92871c892d9ff098673868e5a61b157a722e47e505c835549f09
- SHA512
  
  02557b50b39ae73fc19401dfd5c37cf2d25a6f0dfdabfd2501f4626b1ae513c2a633bd5bdd94985443dabc3561dbcf56bdfc070fa8beb570fff4f9ee53dd35b9
- SSDEEP
  
  24576:6AHnh+eWsN3skA4RV1Hom2KXMmHaHp6HtOJfRe5p:Nh+ZkldoPK8YaHpop
Score

10^/10

azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultinfostealertrojan