azorult | bbf94071bf2d7407c3f533faa638927988253bf8667394a11441fb3764bcadbc | Triage

Sharing

General

Target

14882f903f963d5b5231a7aeed89ab81_JaffaCakes118
Size

285KB
Sample

241004-xfg9eazfln
MD5

14882f903f963d5b5231a7aeed89ab81
SHA1

f50906412745431d42f6eaea9715bbe6da5a06c3
SHA256

bbf94071bf2d7407c3f533faa638927988253bf8667394a11441fb3764bcadbc
SHA512

2afea87506bbf6829c3877063e5928aab6012c3581a6ef50aa742d035bd83974e7d674b53d0b4d447f7272e73aded541862980a96904b7ae17125fae36716fc5
SSDEEP

6144:x5aOGGSp2m3OHdIvDB+omwgX2JB8677Uzn1mSkEu5ZMLHn:iOGGo3OHdotGG/lkxHH0ZMLH

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://kkrudy.com/za/index.php

Targets

- Target
  
  14882f903f963d5b5231a7aeed89ab81_JaffaCakes118
- Size
  
  285KB
- MD5
  
  14882f903f963d5b5231a7aeed89ab81
- SHA1
  
  f50906412745431d42f6eaea9715bbe6da5a06c3
- SHA256
  
  bbf94071bf2d7407c3f533faa638927988253bf8667394a11441fb3764bcadbc
- SHA512
  
  2afea87506bbf6829c3877063e5928aab6012c3581a6ef50aa742d035bd83974e7d674b53d0b4d447f7272e73aded541862980a96904b7ae17125fae36716fc5
- SSDEEP
  
  6144:x5aOGGSp2m3OHdIvDB+omwgX2JB8677Uzn1mSkEu5ZMLHn:iOGGo3OHdotGG/lkxHH0ZMLH
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab101f38562c8545a641e95172c354b4
- SHA1
  
  ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
- SHA256
  
  3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
- SHA512
  
  72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
- SSDEEP
  
  96:o3W4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4K8qndYv0PLE:o3p3ggQF8REskpxZdO0PLE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/sponsor.dll
- Size
  
  9KB
- MD5
  
  6e17b30ff21d147b4b11329b0e88d0f7
- SHA1
  
  f3dfbdc3966ec9b8d1df73c14c7617843dcc507c
- SHA256
  
  7ff10984f4cb404b2f91b7d5053b85055435b321b23e96302640250740ee8fbe
- SHA512
  
  91f135dbfccec48867e12e6e5b87f82b8268ee55252c3d75c5d96bba96c03b722bb805a27b64ca2f5d09afa27943f7b80a5a33c153a9dbc17f1c057fc20bc8a7
- SSDEEP
  
  96:HJXSN54BcBhwfcYYOa670/XUjTplrOJqgDE0jDlxqE58wVAPNP9JLSj+PYKZJ:HpSN2BcHwfpNAGPrOjAYlxWw8+E
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8