azorult | 12590080e8045f1980639e59bb601a4febbfbc30a1906e5715bcead183fd2515 | Triage

Sharing

General

Target

e1019fead4f30d64ccb52227321491e5_JaffaCakes118
Size

2.1MB
Sample

240914-zl98gswaqe
MD5

e1019fead4f30d64ccb52227321491e5
SHA1

15895e2ecf7fefe941044d2f906f2bd9f2b23219
SHA256

12590080e8045f1980639e59bb601a4febbfbc30a1906e5715bcead183fd2515
SHA512

833316c9c8203a394322e05e7545c4a6415c8593e1e614ffb60d39a9b410f397d4136bf544002b4a71ace51ea9ce98eaee2d2f3c35223aa0ffd59977470b55cf
SSDEEP

49152:rCLhv1ErdEpVfyuWYb0Typ74jODsT9ZlpJvlMkX8BNDKOpoj:6hv1fVfypYb0WlkODc7Jvlp8BgQc

Score

10^/10

azorult discovery evasion infostealer trojan

Malware Config

Targets

- Target
  
  e1019fead4f30d64ccb52227321491e5_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  e1019fead4f30d64ccb52227321491e5
- SHA1
  
  15895e2ecf7fefe941044d2f906f2bd9f2b23219
- SHA256
  
  12590080e8045f1980639e59bb601a4febbfbc30a1906e5715bcead183fd2515
- SHA512
  
  833316c9c8203a394322e05e7545c4a6415c8593e1e614ffb60d39a9b410f397d4136bf544002b4a71ace51ea9ce98eaee2d2f3c35223aa0ffd59977470b55cf
- SSDEEP
  
  49152:rCLhv1ErdEpVfyuWYb0Typ74jODsT9ZlpJvlMkX8BNDKOpoj:6hv1fVfypYb0WlkODc7Jvlp8BgQc
Score

10^/10

azorult discovery evasion infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryevasioninfostealertrojan

behavioral2

azorultdiscoveryevasioninfostealertrojan