azorult

General

Target

4.exe
Size

614KB
Sample

240911-mthf8awapq
MD5

3ac5f1a33978d9865ed6715edd2c39d7
SHA1

fe38fb821fcf060ba720e464767e3599f3c41b78
SHA256

d5c6d98bf546829a6232e4b7598da24cacc20b41e2db0f63a1e918983464d1f8
SHA512

9a2eded115fe49ef4788106c315b0056bdb42068d9d686479a0d6f19d7371a430ba218be811f1b182512302a61144bb019e3701c8be8434926ab08ad2f08b3b2
SSDEEP

12288:CBIJsQMaH82xY/BikO20xRDFTcsLgwuOCC:rJsQMu8Ub5DwC

Score

10^/10

Malware Config

Targets

- Target
  
  4.exe
- Size
  
  614KB
- MD5
  
  3ac5f1a33978d9865ed6715edd2c39d7
- SHA1
  
  fe38fb821fcf060ba720e464767e3599f3c41b78
- SHA256
  
  d5c6d98bf546829a6232e4b7598da24cacc20b41e2db0f63a1e918983464d1f8
- SHA512
  
  9a2eded115fe49ef4788106c315b0056bdb42068d9d686479a0d6f19d7371a430ba218be811f1b182512302a61144bb019e3701c8be8434926ab08ad2f08b3b2
- SSDEEP
  
  12288:CBIJsQMaH82xY/BikO20xRDFTcsLgwuOCC:rJsQMu8Ub5DwC
Score

10^/10

azorult collection credential_access discovery execution infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2