azorult | 47c778403ce04173c50f686ad986b977e9e5048f3505fd1922e93c4ddee11727 | Triage

Submit
Reports

Overview

overview

Static

static

b1d2c6a081...18.exe

windows7-x64

b1d2c6a081...18.exe

windows10-2004-x64

Sharing

General

Target

b1d2c6a081a911db6157479403f6b279_JaffaCakes118
Size

1.9MB
Sample

240616-flp3rszhrd
MD5

b1d2c6a081a911db6157479403f6b279
SHA1

63983454fcf3e5c8d4adad7566b1048922819164
SHA256

47c778403ce04173c50f686ad986b977e9e5048f3505fd1922e93c4ddee11727
SHA512

0c7847a5dc144a5a293d57e2aad923adbfcb48afb91374d76d1800b4868863bf18606dfdb9c0453f5d3bc20594b324c8a6f131f5c59416b7c574442b4edf80b3
SSDEEP

24576:+HZQS+B2kOVzDiaEwWWoFxUt0ChpFd0hjxx7Rr10:LgVTWWpt7pFd0DxB10

Score

10^/10

azorult evasion infostealer persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b1d2c6a081a911db6157479403f6b279_JaffaCakes118.exe

Resource

win7-20231129-en

azorult evasion infostealer persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

b1d2c6a081a911db6157479403f6b279_JaffaCakes118.exe

Resource

win10v2004-20240508-en

azorult evasion infostealer persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://23.94.253.127/sky/index.php

Targets

- Target
  
  b1d2c6a081a911db6157479403f6b279_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  b1d2c6a081a911db6157479403f6b279
- SHA1
  
  63983454fcf3e5c8d4adad7566b1048922819164
- SHA256
  
  47c778403ce04173c50f686ad986b977e9e5048f3505fd1922e93c4ddee11727
- SHA512
  
  0c7847a5dc144a5a293d57e2aad923adbfcb48afb91374d76d1800b4868863bf18606dfdb9c0453f5d3bc20594b324c8a6f131f5c59416b7c574442b4edf80b3
- SSDEEP
  
  24576:+HZQS+B2kOVzDiaEwWWoFxUt0ChpFd0hjxx7Rr10:LgVTWWpt7pFd0DxB10
Score

10^/10

azorult evasion infostealer persistence trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultevasioninfostealerpersistencetrojanupx

behavioral2

azorultevasioninfostealerpersistencetrojanupx

© 2018-2025

Terms | Privacy