azorult | 830d385dd185fdd45e8806a5bcfccf36e97ab6f131f88cee5b31b376d1079a97 | Triage

Sharing

General

Target

b6adbba46ed54bc53efb5a38bd5a4550_JaffaCakes118
Size

1.1MB
Sample

240617-ep1g8sxfkm
MD5

b6adbba46ed54bc53efb5a38bd5a4550
SHA1

a9362c0882d1dfc13d3e63b5da2c39945fb37769
SHA256

830d385dd185fdd45e8806a5bcfccf36e97ab6f131f88cee5b31b376d1079a97
SHA512

6965c579917b4d4715df11ba44997aba284c7d691ccb0195c4a8f51f9405eb49f9b16b5dba3b32520f695dc10849d22cf4a1edaba5ce9af1630dd300411aee89
SSDEEP

24576:ldHPXnvcC964ukjOs1iq8ZqI1IT96t+3C4X:l9vvM4sHq9QB+

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://jatkit.cf/Roa-29/index.php

Targets

- Target
  
  b6adbba46ed54bc53efb5a38bd5a4550_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  b6adbba46ed54bc53efb5a38bd5a4550
- SHA1
  
  a9362c0882d1dfc13d3e63b5da2c39945fb37769
- SHA256
  
  830d385dd185fdd45e8806a5bcfccf36e97ab6f131f88cee5b31b376d1079a97
- SHA512
  
  6965c579917b4d4715df11ba44997aba284c7d691ccb0195c4a8f51f9405eb49f9b16b5dba3b32520f695dc10849d22cf4a1edaba5ce9af1630dd300411aee89
- SSDEEP
  
  24576:ldHPXnvcC964ukjOs1iq8ZqI1IT96t+3C4X:l9vvM4sHq9QB+
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan