azorult | c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77 | Triage

Resubmissions

10-07-2024 15:39

240710-s3v2kawblp 8

10-07-2024 15:39

240710-s3rn5swblk 10

Sharing

General

Target

c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77
Size

610KB
Sample

240710-s3rn5swblk
MD5

ad0ed91197890681c43fe8a613ba1b2b
SHA1

d0a7ded680f10ec1871a3b4df10c6a9cc2a30809
SHA256

c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77
SHA512

029ec97c9e08eac5fbda60442b1094b142168c54a4f4233f7812ab46ab8a1f19fa8b4133beb4dff6dbff7ccfcc139367cd966548385b73b3be5e33fe49ac720f
SSDEEP

12288:I2Vmby5Q6IXgRhdiS+j7hmIwKp5KNgcSJtoE2uxck4EUcpF+78:I28SQ6IXgitRwKp5KYoE2uxckrjFM8

Score

10^/10

azorult collection execution infostealer spyware stealer trojan

Malware Config

Targets

- Target
  
  c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77
- Size
  
  610KB
- MD5
  
  ad0ed91197890681c43fe8a613ba1b2b
- SHA1
  
  d0a7ded680f10ec1871a3b4df10c6a9cc2a30809
- SHA256
  
  c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77
- SHA512
  
  029ec97c9e08eac5fbda60442b1094b142168c54a4f4233f7812ab46ab8a1f19fa8b4133beb4dff6dbff7ccfcc139367cd966548385b73b3be5e33fe49ac720f
- SSDEEP
  
  12288:I2Vmby5Q6IXgRhdiS+j7hmIwKp5KNgcSJtoE2uxck4EUcpF+78:I28SQ6IXgitRwKp5KYoE2uxckrjFM8
Score

10^/10

execution azorult collection infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

azorultcollectionexecutioninfostealerspywarestealertrojan

behavioral3

azorultcollectionexecutioninfostealerspywarestealertrojan

behavioral4