azorult | 814765ec878346538ddeaed238bb9ffa88e466a0c158e40ad0a2b7f27b4b2676 | Triage

Sharing

General

Target

60a3bdd3179a0831df197ec56024dd01_JaffaCakes118
Size

671KB
Sample

240729-z36lmavgkc
MD5

60a3bdd3179a0831df197ec56024dd01
SHA1

edb454a7f1573a96ef543ad0e8215a806097d952
SHA256

814765ec878346538ddeaed238bb9ffa88e466a0c158e40ad0a2b7f27b4b2676
SHA512

918e6008823f925beb133c0fabb56ad0b61d2d44f72f779bee595002ccff5d6b7d0f3e41dc69e0f5d9e53f6f8c374cb3e5b236ea8119267452d7bcc7c4eb1c0c
SSDEEP

12288:RxojH5jdL/KyCR7PqRo2YQLa3RFC7cvoLTK6Paigs6jmsK:EljBKnRIIQOhKcCTK6PPgTmR

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://ciuj.ir/arnold/index.php

Targets

- Target
  
  60a3bdd3179a0831df197ec56024dd01_JaffaCakes118
- Size
  
  671KB
- MD5
  
  60a3bdd3179a0831df197ec56024dd01
- SHA1
  
  edb454a7f1573a96ef543ad0e8215a806097d952
- SHA256
  
  814765ec878346538ddeaed238bb9ffa88e466a0c158e40ad0a2b7f27b4b2676
- SHA512
  
  918e6008823f925beb133c0fabb56ad0b61d2d44f72f779bee595002ccff5d6b7d0f3e41dc69e0f5d9e53f6f8c374cb3e5b236ea8119267452d7bcc7c4eb1c0c
- SSDEEP
  
  12288:RxojH5jdL/KyCR7PqRo2YQLa3RFC7cvoLTK6Paigs6jmsK:EljBKnRIIQOhKcCTK6PPgTmR
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan