azorult

Resubmissions

28-11-2024 19:05

241128-xrs52swrfx 3

28-11-2024 18:59

241128-xm59tawqcw 3

28-11-2024 18:56

241128-xlkayswpgs 10

28-11-2024 18:52

241128-xjhz4swpbt 10

Sharing

Copy URL

Twitter E-mail

General

Target

Euro_Truck_keygen_by_KeyGenGuru.zip
Size

5.0MB
Sample

241128-xlkayswpgs
MD5

5e4b59eafe95c4c282e2cc0e583e9c2e
SHA1

60718f8cf1624b17dccc19cec627e253915e4beb
SHA256

064ac471f84251c90c80fcd9c758c4e0a83f59a7d4fb584af0c7f3599b9efbf6
SHA512

97ebb4c22eededaa581c98a7f9dcd8a0e8975b91f5792fb2594e6796e70161ab349274fba0c040b72b74893a11e143706638fa504ed8c8bcd763b8db66a25f87
SSDEEP

98304:m3jyuGTLyzbghu+UolRNLUg1dX/OY+EZZIOpqTeJTJYq8paLm+MCCuRtPyWA7XVc:m3Wd8bgh3ULiX5LZZhpseJTJbax+dCuV

Score

10^/10

Malware Config

Extracted

Family

azorult

http://upqx.ru/1210776429.php

Targets

- Target
  
  Euro_Truck_keygen_by_KeyGenGuru.exe
- Size
  
  5.1MB
- MD5
  
  292885a40b0c89d819ab4b4fe3adf302
- SHA1
  
  7f5588147add8e4f4909068220527762b1bbfc2b
- SHA256
  
  b1f2b5a112f09308cf736e3746a11bd09fe84c7024d1601a44ede496361acb65
- SHA512
  
  23e6f515d8691a590e1c27ee84a41437996433612b9de39c9b59e3c2562e0394beb226211a45febd930b57eb9508b747bad981a747759100cb27e7835ed72550
- SSDEEP
  
  98304:ehbGvDuZFqCrXL+Shff+vW7t4p7bQzVxiGfCI7hnqWo/WDkoLRY7G:eh5zqcLf++aMzV0GqI7B5oODkoLRYa
Score

10^/10

azorult pony collection credential_access discovery infostealer rat spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Azorult family
  azorult
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Azorult family

Pony family

Pony,Fareit

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2