azorult | 2782dbd1297140df074aa18e4d3ae35e6a21e545b8f85f271756bbf0f06683c2 | Triage

Sharing

General

Target

JaffaCakes118_2782dbd1297140df074aa18e4d3ae35e6a21e545b8f85f271756bbf0f06683c2
Size

245KB
Sample

241230-yrllmsypfx
MD5

49debafabc8c6cd4481972452a64ae93
SHA1

514e0859b54d5373a4ffab8c6b3117c8fb1ff754
SHA256

2782dbd1297140df074aa18e4d3ae35e6a21e545b8f85f271756bbf0f06683c2
SHA512

e0c623268728184611fc9b62c5eae2a39eb7aaab73a8bc1b1d6ef2847164f5c764ca7c446d04a6fa2a1e3eeab1611ab27dcdd157b7d117e202fbd74425ee735d
SSDEEP

6144:7PAME3DMhXfaUyjrlhBAxmPPnSDHQEZp99fg:7P830XfsNAwETI

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://samwellgs.com/index.php

Targets

- Target
  
  80a6c3c9ce52dcbdfa63d15bca31502c93d105a9554b7d04c559f6ed0948e5c3
- Size
  
  305KB
- MD5
  
  82056f9901e19a723b58e0afa8f3de23
- SHA1
  
  bd5ef77aa3db4e073265583f521748894cb3823f
- SHA256
  
  80a6c3c9ce52dcbdfa63d15bca31502c93d105a9554b7d04c559f6ed0948e5c3
- SHA512
  
  2995f12739e62ad87a9d642682ec704974362e8c4c85179baa8ede6b2d22d68b82d1b448adb2534db93e949a11b17ba0a9df507186e26aeeef36b4cfa3e0bfe5
- SSDEEP
  
  6144:XlJKPQUbN/dObH6dHn3WFihI5BE8oF1fvOFPVtC:VJwNbN/dOrAHn3j8oOVS
Score

10^/10

azorult discovery infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Azorult family
  azorult
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan