azorult | 63819eb8d048de1b8bdc6f63f313ef81fea423f55d4224ff893094b9bf50d39d

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9a154b4fabb4a3255103aca18120983_JaffaCakes118.exe
Size

233KB
MD5

f9a154b4fabb4a3255103aca18120983
SHA1

e21ee3ecb91c5f5288aaf1daa8a6bcd0515d41aa
SHA256

63819eb8d048de1b8bdc6f63f313ef81fea423f55d4224ff893094b9bf50d39d
SHA512

06cf03b296ea8e1acfeae8b37cf432a849c673aabedf84e74420e6aa5f1e5fb0349010f5e22e73ad41c3a21289b97caeee8f5a81603c36c2428e0e063f5d91b9
SSDEEP

3072:tD5G9O/4JUp7pJRTm7aTO6T8XI7VWC1/H11ISqp55H4c8zw8y:uUwmFJRShQ8XUjjEjHr8zwz

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

http://login.giocherialaragnatela.it/azs/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f9a154b4fabb4a3255103aca18120983_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f9a154b4fabb4a3255103aca18120983_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9a154b4fabb4a3255103aca18120983_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3032-0-0x00000000003D0000-0x00000000003E8000-memory.dmp

Filesize
96KB

Download
memory/3032-2-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3032-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/3032-3-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3032-4-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download