azorult | 98923f07009b4e65ca98551ee14d38910fc102d4d075fa590633c2a74a98976d

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-11-2024 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6fbdbd819bab362066048e1cd6e30bf_JaffaCakes118.exe
Size

310KB
MD5

a6fbdbd819bab362066048e1cd6e30bf
SHA1

759316af53f1fa9c1c0118d157ce730e8f830b30
SHA256

98923f07009b4e65ca98551ee14d38910fc102d4d075fa590633c2a74a98976d
SHA512

a6bbebb64ea7dd961ea437651fab8edd39efd765ecd8343cd332452b0ef80554422f4149995929ca8097d6c7f67c8ffc16f297de22500fefe3c0decfb9f89e1a
SSDEEP

3072:8UBYZzcERJ6IVMgnKHuLW+dct7S5xtZqleMe3FzlxrfWbrcEOQR1jkfQsCFgmyow:iztJr3LWwUS5jZq01z/r8ruQR1jkIDw

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

http://bloodmood.bit/p/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Azorult family
azorult

Unexpected DNS network traffic destination 17 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	162.248.241.94
Destination IP	151.80.147.153
Destination IP	80.233.248.109
Destination IP	173.249.7.187
Destination IP	5.45.97.127
Destination IP	82.141.39.32
Destination IP	94.247.43.254
Destination IP	172.98.193.42
Destination IP	198.206.14.241
Destination IP	91.217.137.44
Destination IP	46.101.70.183
Destination IP	107.172.42.186
Destination IP	130.255.78.223
Destination IP	173.212.234.232
Destination IP	50.3.82.215
Destination IP	128.52.130.209
Destination IP	192.52.166.110

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6fbdbd819bab362066048e1cd6e30bf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a6fbdbd819bab362066048e1cd6e30bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6fbdbd819bab362066048e1cd6e30bf_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2568-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-2-0x0000000000520000-0x0000000000620000-memory.dmp

Filesize
1024KB

Download
memory/2568-3-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2568-4-0x0000000000520000-0x0000000000620000-memory.dmp

Filesize
1024KB

Download
memory/2568-5-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-6-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2568-7-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-8-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-9-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-10-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-11-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-12-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-13-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-15-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-16-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-18-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2568-19-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download