azorult | 21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0 | Triage

Sharing

General

Target

b9d619b9b382accbc2aa81f4023baf3f_JaffaCakes118
Size

516KB
Sample

240823-bv3b8sybrb
MD5

b9d619b9b382accbc2aa81f4023baf3f
SHA1

e9cc5b7fca5e3c70bf1c66827f7a59e3171359dc
SHA256

21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0
SHA512

4005a2a29c774035da22e825bda67c3af5ea594ff87876e5cbf9e5b5878eca083a27191bbe53adfa25fec26fc1afe5b5e04bf45efc50acf6acc692c2ed90d70f
SSDEEP

12288:g4ElE9n4ixRxYeFqrMDQ9g5QssZsQ7xViHQEx2h3ns:yA8qQ9WsGgaw3hXs

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://pa-magelang.go.id/FTP/index.php

Targets

- Target
  
  b9d619b9b382accbc2aa81f4023baf3f_JaffaCakes118
- Size
  
  516KB
- MD5
  
  b9d619b9b382accbc2aa81f4023baf3f
- SHA1
  
  e9cc5b7fca5e3c70bf1c66827f7a59e3171359dc
- SHA256
  
  21644e10ce3947d4154ad546bfc8e065e0baaa120bf4e20e38d076bdae3022a0
- SHA512
  
  4005a2a29c774035da22e825bda67c3af5ea594ff87876e5cbf9e5b5878eca083a27191bbe53adfa25fec26fc1afe5b5e04bf45efc50acf6acc692c2ed90d70f
- SSDEEP
  
  12288:g4ElE9n4ixRxYeFqrMDQ9g5QssZsQ7xViHQEx2h3ns:yA8qQ9WsGgaw3hXs
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan