azorult

Sharing

Copy URL

Twitter E-mail

General

Target

297018529b212ce85eaa948955ef8426f91dcacdd10afeeb9579e60c4b0ab28a.exe
Size

625KB
Sample

240711-jw4wfsxapm
MD5

741b019cda408bb20437c75cc5dfba41
SHA1

3c3fea34bf5c79727fedb8edb9b3d504d47ea7da
SHA256

297018529b212ce85eaa948955ef8426f91dcacdd10afeeb9579e60c4b0ab28a
SHA512

59d55337adefee06ebeddfd3324ded159d6f7217de9d105c70f8c1a105e97ec19422dc05f735795d1d2a624c10a666e294c5ea21f05471cc23becdae8fe1fcf7
SSDEEP

12288:M2Vmby5Q6INSzc4oNOR0ZY1yfjcaWh4JJCbIlcpF:M28SQ6IIzhl1kWh4PbGF

Score

10^/10

Malware Config

Extracted

Family

azorult

http://bmld.shop/ML341/index.php

Targets

- Target
  
  297018529b212ce85eaa948955ef8426f91dcacdd10afeeb9579e60c4b0ab28a.exe
- Size
  
  625KB
- MD5
  
  741b019cda408bb20437c75cc5dfba41
- SHA1
  
  3c3fea34bf5c79727fedb8edb9b3d504d47ea7da
- SHA256
  
  297018529b212ce85eaa948955ef8426f91dcacdd10afeeb9579e60c4b0ab28a
- SHA512
  
  59d55337adefee06ebeddfd3324ded159d6f7217de9d105c70f8c1a105e97ec19422dc05f735795d1d2a624c10a666e294c5ea21f05471cc23becdae8fe1fcf7
- SSDEEP
  
  12288:M2Vmby5Q6INSzc4oNOR0ZY1yfjcaWh4JJCbIlcpF:M28SQ6IIzhl1kWh4PbGF
Score

10^/10

azorult collection execution infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  5KB
- MD5
  
  3134c2821796396ba53e77ef3ea6a268
- SHA1
  
  14c58e347fb4bf1b8c6f5ebccae57c58066d8769
- SHA256
  
  9cdba2bb0984f10c201921ae5bcfe7b595771e1f12d9e17d31f213bfaf1548c6
- SHA512
  
  34beca32375af8e4665b48413c940af67bedf6e34895481281551836460721161b158e642bde120a65ca0143643e06bfe660da2b1900e7ca2e4f7a204e183d4e
- SSDEEP
  
  96:MqNrqoGHBA8Cgg6WXXvyuJ6jDfu+yMb+yRrtWpOwol:MMqrHY5XvyuR0htWpO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  3cea4c9994912d8f3c3e8b6a814e810e
- SHA1
  
  c48d34a0981d4ab576c7a3ab566f5ddb94af5d86
- SHA256
  
  b2699fdfdab6a018fcc972806d12f71972de1861660bb6578935d62b1da06504
- SHA512
  
  d317449f3c3115e279cff148c3e0bccc9b1d4ba82d1f85c0b99d7db657e85f752c0691d33f8024ada5850c993d0bdcbcc70b296b7cf33d7d14a67bc16ca3b4a3
- SSDEEP
  
  96:o417lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4Lb8qndYv0PLE:oOl7wrLBn0REc0JxEdO0PLE
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  4a2f4fe4a3ad1de56ee6bf7dd4923963
- SHA1
  
  7cc68b94448c964fd99904e5784b059aed4d5daa
- SHA256
  
  89b1e6509a1b45b32933e9d785a9c8c5b9ce7c616e1112dcf7fc3fa5ca27ebde
- SHA512
  
  4b6bbe75beafae9a29932ff5ddd3940aadfae62c157836e6cdab755955782dd5354d5eb389b4b8c16bf59f4ce7a099a0161d915c1cf2968f28e195dc8e3997ea
- SSDEEP
  
  96:z0OBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+uPHwEX:4tZKtrAJJJbP7iEHEbN8Ved0Ph
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Reads local data of messenger clients

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8