azorult | 2c0aa4e25cf7b92f547d17c6078e8565f19a9115cbfa31257baaec9317419a40 | Triage

Sharing

General

Target

dc3ddb02e50ec8b341ef958af552ea66_JaffaCakes118
Size

321KB
Sample

240912-nnxjmatcme
MD5

dc3ddb02e50ec8b341ef958af552ea66
SHA1

c967c25f164dcbf55cc59fc6125b2e1d11f4d2e0
SHA256

2c0aa4e25cf7b92f547d17c6078e8565f19a9115cbfa31257baaec9317419a40
SHA512

58f39466afb80f5acf8a01d85d912164ba5bde6881d8e2d269e58b1ed06e821ed179120a349392beb5a064a4cf9a37ec7a1cc40bd81f74d0f04ea5cf7346f5a3
SSDEEP

6144:BOe2W7/fkzyQ+rftJVqhlfz8W+vjloC8xMdfzLi:1LMnkwVz3ijlAcfzLi

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

https://ntrcgroup.com/nze/index.php

Targets

- Target
  
  dc3ddb02e50ec8b341ef958af552ea66_JaffaCakes118
- Size
  
  321KB
- MD5
  
  dc3ddb02e50ec8b341ef958af552ea66
- SHA1
  
  c967c25f164dcbf55cc59fc6125b2e1d11f4d2e0
- SHA256
  
  2c0aa4e25cf7b92f547d17c6078e8565f19a9115cbfa31257baaec9317419a40
- SHA512
  
  58f39466afb80f5acf8a01d85d912164ba5bde6881d8e2d269e58b1ed06e821ed179120a349392beb5a064a4cf9a37ec7a1cc40bd81f74d0f04ea5cf7346f5a3
- SSDEEP
  
  6144:BOe2W7/fkzyQ+rftJVqhlfz8W+vjloC8xMdfzLi:1LMnkwVz3ijlAcfzLi
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan