azorult | 106839b29f3e5a9d68e9e3edb18c9e20edb1b165bc1042d576ebe6887f4b4c9a | Triage

Resubmissions

14-10-2024 23:25

241014-3ef8ls1hkg 10

14-10-2024 23:15

241014-28scasvfqq 10

Sharing

General

Target

722ef401e5cbb067c5c33faa402774d3c75ef08e0c8cc4d7e66a9cfa53684088.zip
Size

440KB
Sample

241014-28scasvfqq
MD5

8692f6bd4fa3ac41af1d33e9c243e67c
SHA1

458634c33f3286890adec73bb41003062a0a23bf
SHA256

106839b29f3e5a9d68e9e3edb18c9e20edb1b165bc1042d576ebe6887f4b4c9a
SHA512

4ae3bfacfbd8e10633d780dfe5275363603c34e3f599e9d54f2373f8201bb531380380114453a9a72f534518f0e01e21cd38bfb6f3e2e0d686eb4e31b7f08b5e
SSDEEP

12288:8iPM9TrqLargEYyHk27qXmfZb8m4XO3nG+6U9L2d:8bdqL8HlwmfZ4XXO3nGmL2d

Score

10^/10

azorult discovery execution infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://5gw4d.xyz/PL341/index.php

Targets

- Target
  
  722ef401e5cbb067c5c33faa402774d3c75ef08e0c8cc4d7e66a9cfa53684088.exe
- Size
  
  483KB
- MD5
  
  7a0093c743fc33a5e111f2fec269f79b
- SHA1
  
  feadb2ca02d41f2d834b8577f39a582d4bdd734f
- SHA256
  
  722ef401e5cbb067c5c33faa402774d3c75ef08e0c8cc4d7e66a9cfa53684088
- SHA512
  
  77cade5a9e48f8d1da6e689a7881b23a1be165f1be8f26059458766e6fc4db8c03c058beb19dd0f644aebd218371ef487fe31a086e6fbc7089976d0802010eee
- SSDEEP
  
  12288:9ydPkF/ZAC8I1SkXHmjQ961/Tl9/EHDO2wb:U+F/ZA/8SkXx61LIHDO
Score

10^/10

azorult discovery execution infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryexecutioninfostealertrojan

behavioral2

azorultdiscoveryexecutioninfostealertrojan