azorult | 7efd2936ffd94ab1fabf989fd75cb0f54253ce1950fe6bee4168b230c39e15cc | Triage

Submit
Reports

Overview

overview

Static

static

3

d733f2e3f5...18.exe

windows7-x64

d733f2e3f5...18.exe

windows10-2004-x64

Sharing

General

Target

d733f2e3f5b6925b7a57d52592f2cdc9_JaffaCakes118
Size

4.2MB
Sample

240909-2hp49awblc
MD5

d733f2e3f5b6925b7a57d52592f2cdc9
SHA1

d884741c23e51405af75fedd296b5a5788e432f1
SHA256

7efd2936ffd94ab1fabf989fd75cb0f54253ce1950fe6bee4168b230c39e15cc
SHA512

39c57209d89e9460222227099b1272ba49b29bd4a9cb31ff096cbeeae1812bc1a03f7086c24124cb83330aa23b216dc5ec62b04f38802eeee53801e0a92b66d7
SSDEEP

98304:1AI+bekwfoM38+Y845C7ZloybZpE0CsJ91E8Ej5ehitYnL:mtb1MMz84M7ZW0Csv1M5duL

Score

10^/10

azorult discovery infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d733f2e3f5b6925b7a57d52592f2cdc9_JaffaCakes118.exe

Resource

win7-20240903-en

azorult discovery infostealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d733f2e3f5b6925b7a57d52592f2cdc9_JaffaCakes118.exe

Resource

win10v2004-20240802-en

azorult discovery infostealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://194.32.78.34/inc/d/index.php

Targets

- Target
  
  d733f2e3f5b6925b7a57d52592f2cdc9_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  d733f2e3f5b6925b7a57d52592f2cdc9
- SHA1
  
  d884741c23e51405af75fedd296b5a5788e432f1
- SHA256
  
  7efd2936ffd94ab1fabf989fd75cb0f54253ce1950fe6bee4168b230c39e15cc
- SHA512
  
  39c57209d89e9460222227099b1272ba49b29bd4a9cb31ff096cbeeae1812bc1a03f7086c24124cb83330aa23b216dc5ec62b04f38802eeee53801e0a92b66d7
- SSDEEP
  
  98304:1AI+bekwfoM38+Y845C7ZloybZpE0CsJ91E8Ej5ehitYnL:mtb1MMz84M7ZW0Csv1M5duL
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy