azorult | 8d707e04a8233293ec48b3bad843363388808911da22e3ceeb6ca340b3044bc8 | Triage

Sharing

General

Target

c548ce11e698e058dd93f10830a598fd_JaffaCakes118
Size

488KB
Sample

240827-s2yfasxhjd
MD5

c548ce11e698e058dd93f10830a598fd
SHA1

1030b5fe253e087b2a84c4d8e8a07d5b7f39313f
SHA256

8d707e04a8233293ec48b3bad843363388808911da22e3ceeb6ca340b3044bc8
SHA512

7d75bc0500c2e3aa1860f792a69ca661096b1bd5ec753c8f290c0f188785d13b97634853a94bd2573db1e7319ecc3050d8881e0b05f0aa63e4ba36ee8e85bfb9
SSDEEP

12288:eLcoLmD8td+uQCqHmvHDh0l8asK+TWOndaW7Zvf:eCod1QCfDal8vvPdZ7x

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  c548ce11e698e058dd93f10830a598fd_JaffaCakes118
- Size
  
  488KB
- MD5
  
  c548ce11e698e058dd93f10830a598fd
- SHA1
  
  1030b5fe253e087b2a84c4d8e8a07d5b7f39313f
- SHA256
  
  8d707e04a8233293ec48b3bad843363388808911da22e3ceeb6ca340b3044bc8
- SHA512
  
  7d75bc0500c2e3aa1860f792a69ca661096b1bd5ec753c8f290c0f188785d13b97634853a94bd2573db1e7319ecc3050d8881e0b05f0aa63e4ba36ee8e85bfb9
- SSDEEP
  
  12288:eLcoLmD8td+uQCqHmvHDh0l8asK+TWOndaW7Zvf:eCod1QCfDal8vvPdZ7x
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan