azorult | 146c12a429f5a61a92f48c6bb00f03c863a54046858094fd8bf0c14303f4e00e | Triage

Sharing

General

Target

bd77386d5adace5596c346c2da626e4c_JaffaCakes118
Size

938KB
Sample

240619-vt5krazbmn
MD5

bd77386d5adace5596c346c2da626e4c
SHA1

99c4b20d42ebbb5ba103d3eba7eb13f1cadef852
SHA256

146c12a429f5a61a92f48c6bb00f03c863a54046858094fd8bf0c14303f4e00e
SHA512

93f14ef18c3541f6a9c5c5fe795348b99c2ef221e5ea9b3b6d254bda6265999e3d84f23d58b2dfba7b13897177d419a6fcff4c6c2a36cf9c5ac659cba3a77943
SSDEEP

24576:wT9qik9OVHDyyv6MEi1z1CFtVbSuU0NtsDyQ1gUsTglIU:S9qzONEMl1zpZjIU

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://jatkit.ga/x0/index.php

Targets

- Target
  
  bd77386d5adace5596c346c2da626e4c_JaffaCakes118
- Size
  
  938KB
- MD5
  
  bd77386d5adace5596c346c2da626e4c
- SHA1
  
  99c4b20d42ebbb5ba103d3eba7eb13f1cadef852
- SHA256
  
  146c12a429f5a61a92f48c6bb00f03c863a54046858094fd8bf0c14303f4e00e
- SHA512
  
  93f14ef18c3541f6a9c5c5fe795348b99c2ef221e5ea9b3b6d254bda6265999e3d84f23d58b2dfba7b13897177d419a6fcff4c6c2a36cf9c5ac659cba3a77943
- SSDEEP
  
  24576:wT9qik9OVHDyyv6MEi1z1CFtVbSuU0NtsDyQ1gUsTglIU:S9qzONEMl1zpZjIU
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan