azorult | 40f13891225b6d4bcee5e2c613d4b77e241cc67ffda4ffcaff5b4d1c0b00688d | Triage

Sharing

General

Target

MT110563270605DOC.exe
Size

220KB
Sample

240705-qsc2ws1gqc
MD5

ed80e2f07ae9c6534c1fed9a00b60682
SHA1

63533fa8e25c1d7950eb33cfabf95bf460a83375
SHA256

40f13891225b6d4bcee5e2c613d4b77e241cc67ffda4ffcaff5b4d1c0b00688d
SHA512

8f8855e21c3172c090699a19f705001ffc0c46a76c9cd7462ed48d72daffa6303960e16c6d1ee468795727af456781d69d7f85991ce3de0258e42eabb235a9f4
SSDEEP

3072:20SYeS/9IqpR4ldUmPWuGDXIpAKWV3JAzfOUQmd4NDVoe/u0x81kXQpBG3UUL0fN:202S/93ORos9M9fVAkqD

Score

10^/10

azorult infostealer persistence trojan

Malware Config

Extracted

Family

azorult

C2

http://hqt3.shop/HQK341/index.php

Targets

- Target
  
  MT110563270605DOC.exe
- Size
  
  220KB
- MD5
  
  ed80e2f07ae9c6534c1fed9a00b60682
- SHA1
  
  63533fa8e25c1d7950eb33cfabf95bf460a83375
- SHA256
  
  40f13891225b6d4bcee5e2c613d4b77e241cc67ffda4ffcaff5b4d1c0b00688d
- SHA512
  
  8f8855e21c3172c090699a19f705001ffc0c46a76c9cd7462ed48d72daffa6303960e16c6d1ee468795727af456781d69d7f85991ce3de0258e42eabb235a9f4
- SSDEEP
  
  3072:20SYeS/9IqpR4ldUmPWuGDXIpAKWV3JAzfOUQmd4NDVoe/u0x81kXQpBG3UUL0fN:202S/93ORos9M9fVAkqD
Score

10^/10

azorult infostealer persistence trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultinfostealerpersistencetrojan

behavioral2

azorultinfostealerpersistencetrojan