azorult | d59e0a9e77727cec2c7423c014a9c9dbab64fa54dec2e49482b262e00c9756de | Triage

Sharing

General

Target

1aa97711314612b3413c935969590bae_JaffaCakes118
Size

693KB
Sample

241007-bhpwdawemq
MD5

1aa97711314612b3413c935969590bae
SHA1

257ebb345989c07bae2b6acddb5bc848d0656bb0
SHA256

d59e0a9e77727cec2c7423c014a9c9dbab64fa54dec2e49482b262e00c9756de
SHA512

d755954df88b17cad3cf5abaa59e250043e2cc03340c3d7452ddf1da96d132c34ecc9a6caa8ba2dbf4b75cabf91a3f33c519dbbc62f765cc8d85f7c5bdacec2b
SSDEEP

12288:Vejv6Ky6XgWqQUElL1Y0UlT52pE/WuJIAu7n7rGPsUFRAp+9ZNN:Vejvg3RLC13UpT+d9yPhRAyNN

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://gess.bit/index.php

Targets

- Target
  
  1aa97711314612b3413c935969590bae_JaffaCakes118
- Size
  
  693KB
- MD5
  
  1aa97711314612b3413c935969590bae
- SHA1
  
  257ebb345989c07bae2b6acddb5bc848d0656bb0
- SHA256
  
  d59e0a9e77727cec2c7423c014a9c9dbab64fa54dec2e49482b262e00c9756de
- SHA512
  
  d755954df88b17cad3cf5abaa59e250043e2cc03340c3d7452ddf1da96d132c34ecc9a6caa8ba2dbf4b75cabf91a3f33c519dbbc62f765cc8d85f7c5bdacec2b
- SSDEEP
  
  12288:Vejv6Ky6XgWqQUElL1Y0UlT52pE/WuJIAu7n7rGPsUFRAp+9ZNN:Vejvg3RLC13UpT+d9yPhRAyNN
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan