azorult | 94d77da6e9ba6786e66b3864a9092a028d4e076774a5003b50eea0b5b04be074 | Triage

Sharing

General

Target

94d77da6e9ba6786e66b3864a9092a028d4e076774a5003b50eea0b5b04be074.exe
Size

593KB
Sample

240718-w25q6atfnf
MD5

6b67c037861d71932f9971faade3c695
SHA1

03313a12f94a0923bd456a058bb974e43f3c8562
SHA256

94d77da6e9ba6786e66b3864a9092a028d4e076774a5003b50eea0b5b04be074
SHA512

d59c9fe2cb5664394c670ca85964c85fbc4f00129c786ea79470b6c47d9768a5481496a6b9ac38f15c4cc66aad83e372a162a9890359648b19c4c08b9c53728f
SSDEEP

12288:sCn4AyHnr1nomoZlKOKIQxRGul47sbYY6UsGVPCHNwEX:/nEnrVvfOdQxJ47skYxsGVcNb

Score

10^/10

azorult execution infostealer trojan

Malware Config

Targets

- Target
  
  94d77da6e9ba6786e66b3864a9092a028d4e076774a5003b50eea0b5b04be074.exe
- Size
  
  593KB
- MD5
  
  6b67c037861d71932f9971faade3c695
- SHA1
  
  03313a12f94a0923bd456a058bb974e43f3c8562
- SHA256
  
  94d77da6e9ba6786e66b3864a9092a028d4e076774a5003b50eea0b5b04be074
- SHA512
  
  d59c9fe2cb5664394c670ca85964c85fbc4f00129c786ea79470b6c47d9768a5481496a6b9ac38f15c4cc66aad83e372a162a9890359648b19c4c08b9c53728f
- SSDEEP
  
  12288:sCn4AyHnr1nomoZlKOKIQxRGul47sbYY6UsGVPCHNwEX:/nEnrVvfOdQxJ47skYxsGVcNb
Score

10^/10

azorult execution infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  49998d066af103d06b56f5b4c76b1497
- SHA1
  
  b7dce166147f40dfa17f5ca950c4e324a10d04be
- SHA256
  
  95042dbe7428461ee7fd210acf37040eb921012c7b32f66cb54766f0a16bb5b6
- SHA512
  
  61b0d75ef3a18c8c13ad8c614a012a71cbc4f6fd4bba0aa0c7b866e1a8fbf5f9fdb3e012a3566586d47fc8b456a7de36a06a0d70cdf27e504aac64eab37555d7
- SSDEEP
  
  96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkDnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmiLpmP
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  19d3373e403a6e724cfa1563dfd1f463
- SHA1
  
  4917547b355a91e9431879209f56925097bf4fb3
- SHA256
  
  873fa0c52eae7cfbed56ea18b21fad0ca8f018ab7f305bd1db1a3ec454e353d1
- SHA512
  
  b6f6db23376ade4bb864ea14244980612f42f322d3915540090bfe8edc80e9577b7aec3589bd587ca47a729371ed8ab8e6e23031bb3e3f524d48783637646193
- SSDEEP
  
  96:oXF7lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4I8qndYv0PLE:oXFl7wrLBn0REc0Jx3dO0PLE
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  6c881f00ba860b17821d8813aa34dbc6
- SHA1
  
  0e5a1e09b1ce1bc758d6977b913a8d9ccbe52a13
- SHA256
  
  bcb93204bd1854d0c34fa30883bab51f6813ab32abf7fb7d4aeed21d71f6af87
- SHA512
  
  c78d6f43aa9bb35260a7bd300392ce809282660283fa6cb3059bae50d6db229b0b853cab7c949d4bdf19309fb183257b1c9feb01a66347e1c0adeb21543315b6
- SSDEEP
  
  96:DOBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+ugwEX:DtZKtrAJJJbP7iEHEbN8Ved0PM
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultexecutioninfostealertrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8