azorult | c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77 | Triage

Sharing

General

Target

c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77.exe
Size

610KB
Sample

240710-ytssqsxdpr
MD5

ad0ed91197890681c43fe8a613ba1b2b
SHA1

d0a7ded680f10ec1871a3b4df10c6a9cc2a30809
SHA256

c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77
SHA512

029ec97c9e08eac5fbda60442b1094b142168c54a4f4233f7812ab46ab8a1f19fa8b4133beb4dff6dbff7ccfcc139367cd966548385b73b3be5e33fe49ac720f
SSDEEP

12288:I2Vmby5Q6IXgRhdiS+j7hmIwKp5KNgcSJtoE2uxck4EUcpF+78:I28SQ6IXgitRwKp5KYoE2uxckrjFM8

Score

10^/10

azorult execution infostealer trojan

Malware Config

Targets

- Target
  
  c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77.exe
- Size
  
  610KB
- MD5
  
  ad0ed91197890681c43fe8a613ba1b2b
- SHA1
  
  d0a7ded680f10ec1871a3b4df10c6a9cc2a30809
- SHA256
  
  c97dbc111d46e1bfe08a912bc8a893494f6d3f682d71853ab6b0a3ee3308fb77
- SHA512
  
  029ec97c9e08eac5fbda60442b1094b142168c54a4f4233f7812ab46ab8a1f19fa8b4133beb4dff6dbff7ccfcc139367cd966548385b73b3be5e33fe49ac720f
- SSDEEP
  
  12288:I2Vmby5Q6IXgRhdiS+j7hmIwKp5KNgcSJtoE2uxck4EUcpF+78:I28SQ6IXgitRwKp5KYoE2uxckrjFM8
Score

10^/10

azorult execution infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  5KB
- MD5
  
  3134c2821796396ba53e77ef3ea6a268
- SHA1
  
  14c58e347fb4bf1b8c6f5ebccae57c58066d8769
- SHA256
  
  9cdba2bb0984f10c201921ae5bcfe7b595771e1f12d9e17d31f213bfaf1548c6
- SHA512
  
  34beca32375af8e4665b48413c940af67bedf6e34895481281551836460721161b158e642bde120a65ca0143643e06bfe660da2b1900e7ca2e4f7a204e183d4e
- SSDEEP
  
  96:MqNrqoGHBA8Cgg6WXXvyuJ6jDfu+yMb+yRrtWpOwol:MMqrHY5XvyuR0htWpO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  3cea4c9994912d8f3c3e8b6a814e810e
- SHA1
  
  c48d34a0981d4ab576c7a3ab566f5ddb94af5d86
- SHA256
  
  b2699fdfdab6a018fcc972806d12f71972de1861660bb6578935d62b1da06504
- SHA512
  
  d317449f3c3115e279cff148c3e0bccc9b1d4ba82d1f85c0b99d7db657e85f752c0691d33f8024ada5850c993d0bdcbcc70b296b7cf33d7d14a67bc16ca3b4a3
- SSDEEP
  
  96:o417lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4Lb8qndYv0PLE:oOl7wrLBn0REc0JxEdO0PLE
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  4a2f4fe4a3ad1de56ee6bf7dd4923963
- SHA1
  
  7cc68b94448c964fd99904e5784b059aed4d5daa
- SHA256
  
  89b1e6509a1b45b32933e9d785a9c8c5b9ce7c616e1112dcf7fc3fa5ca27ebde
- SHA512
  
  4b6bbe75beafae9a29932ff5ddd3940aadfae62c157836e6cdab755955782dd5354d5eb389b4b8c16bf59f4ce7a099a0161d915c1cf2968f28e195dc8e3997ea
- SSDEEP
  
  96:z0OBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+uPHwEX:4tZKtrAJJJbP7iEHEbN8Ved0Ph
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultexecutioninfostealertrojan

behavioral2

azorultexecutioninfostealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8