azorult | 6400283b54db6e1202ca0902e7e0e3f20a44864a44e3abcc970fcfce9ccaca54 | Triage

Submit
Reports

Overview

overview

Static

static

7

c34216a0b0...18.exe

windows7-x64

c34216a0b0...18.exe

windows10-2004-x64

Sharing

General

Target

c34216a0b098100549a990bccc6c076d_JaffaCakes118
Size

459KB
Sample

240826-sljbfazgpe
MD5

c34216a0b098100549a990bccc6c076d
SHA1

c4d0ed1ca0e6111e900a14bd85375dd375b876c9
SHA256

6400283b54db6e1202ca0902e7e0e3f20a44864a44e3abcc970fcfce9ccaca54
SHA512

0ed47ef84089a74629be7c7b3eeeda921f033262597448161199a3adf07884cf3b07bd1184027dc93956b0eb4a1bc7fb0d9f4d0caea8a961162126d2f99c7dc5
SSDEEP

3072:tNH5paxbN+7Sz7gItbISy/ZFpCXhg3n+3e:PX4N+SPtbH0ZFIh0+3

Score

10^/10

azorult discovery infostealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c34216a0b098100549a990bccc6c076d_JaffaCakes118.exe

Resource

win7-20240704-en

azorult discovery infostealer trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c34216a0b098100549a990bccc6c076d_JaffaCakes118.exe

Resource

win10v2004-20240802-en

azorult discovery infostealer trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

https://romanone.com/wp-content/okoye/32/index.php

Targets

- Target
  
  c34216a0b098100549a990bccc6c076d_JaffaCakes118
- Size
  
  459KB
- MD5
  
  c34216a0b098100549a990bccc6c076d
- SHA1
  
  c4d0ed1ca0e6111e900a14bd85375dd375b876c9
- SHA256
  
  6400283b54db6e1202ca0902e7e0e3f20a44864a44e3abcc970fcfce9ccaca54
- SHA512
  
  0ed47ef84089a74629be7c7b3eeeda921f033262597448161199a3adf07884cf3b07bd1184027dc93956b0eb4a1bc7fb0d9f4d0caea8a961162126d2f99c7dc5
- SSDEEP
  
  3072:tNH5paxbN+7Sz7gItbISy/ZFpCXhg3n+3e:PX4N+SPtbH0ZFIh0+3
Score

10^/10

azorult discovery infostealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojanupx

behavioral2

azorultdiscoveryinfostealertrojanupx

© 2018-2024

Terms | Privacy