azorult | af5d9e7613baf2df33d65f060279f5678e92b6fc123efb7ac45ffabca5a2e23c | Triage

Sharing

General

Target

af5d9e7613baf2df33d65f060279f5678e92b6fc123efb7ac45ffabca5a2e23c.exe
Size

400KB
Sample

240821-mzsjdayarj
MD5

bfc6d784ac40e0aa03c2889b5fe7d661
SHA1

39cc39a970d8a1228c8591d478be5bcf98bec30e
SHA256

af5d9e7613baf2df33d65f060279f5678e92b6fc123efb7ac45ffabca5a2e23c
SHA512

252b4e4f38f1b304ed23958657f0b1698b7c9c47f9685e60d66ae36aeb91a7ff11ce94e51ace0d386c6db9398a90ffe52cd53bd0de6d0f19f5f75dfc5d70929f
SSDEEP

12288:4qlZi970zIZAx0qXsNd0v9g1agdLXK7z:zZrx09NdY9Grdk

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://129.146.140.127/index.php

Targets

- Target
  
  af5d9e7613baf2df33d65f060279f5678e92b6fc123efb7ac45ffabca5a2e23c.exe
- Size
  
  400KB
- MD5
  
  bfc6d784ac40e0aa03c2889b5fe7d661
- SHA1
  
  39cc39a970d8a1228c8591d478be5bcf98bec30e
- SHA256
  
  af5d9e7613baf2df33d65f060279f5678e92b6fc123efb7ac45ffabca5a2e23c
- SHA512
  
  252b4e4f38f1b304ed23958657f0b1698b7c9c47f9685e60d66ae36aeb91a7ff11ce94e51ace0d386c6db9398a90ffe52cd53bd0de6d0f19f5f75dfc5d70929f
- SSDEEP
  
  12288:4qlZi970zIZAx0qXsNd0v9g1agdLXK7z:zZrx09NdY9Grdk
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan