azorult

General

Target

13012025_1630_13012025_24010-KAPSON.rar
Size

822KB
Sample

250113-tzy5gsyncz
MD5

16f45dfbade21c80c8558b25e0c04a0c
SHA1

92c0f481e55a87e3ef84a259603065b0717fa668
SHA256

388d5d0116a16b2cf3711107853f8ae3052273ad55770d95ac6c5ca4643d5f47
SHA512

d077c6795f5593e88a0c29406c5119ef8951f13ea58ff75983bb341c430351376e56c88a706fa2fb197a332312dab46f244d58686615095be46cd6fc08a41ee4
SSDEEP

24576:ikqDTim7ZHCUWihj8vl8k/vgyEaRCuOD9:ipGmZCUphjW8kJhCp

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://b2csa.icu/PL341/index.php

Targets

- Target
  
  24010-KAPSON.exe
- Size
  
  927KB
- MD5
  
  21c5e6a566f4f22671bd4933ab0dce66
- SHA1
  
  764dcbf2aaa25271833bfe217594e07bf4bb9e93
- SHA256
  
  1112d16470efe5c9714789944abe3dd43665d9b1f3a206b5d15406e6ab0ef414
- SHA512
  
  ae7d18770a9a12077f33c2657b9ea852dbb4cf11f759be0064046c40866ce1f49f20d32737934b75694ee1e55fe479121ee5434d9d35628c3a0a1cdf12a8648b
- SSDEEP
  
  24576:juA8Xd6qZNpie53Kl6RJNBIQll+hQT2jiux5J:RKdkec0RFIQlluQsxD
Score

10^/10

discovery execution azorult collection credential_access infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Azorult family
  azorult
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  51e63a9c5d6d230ef1c421b2eccd45dc
- SHA1
  
  c499cdad5c613d71ed3f7e93360f1bbc5748c45d
- SHA256
  
  cd8496a3802378391ec425dec424a14f5d30e242f192ec4eb022d767f9a2480f
- SHA512
  
  c23d713c3c834b3397c2a199490aed28f28d21f5781205c24df5e1e32365985c8a55be58f06979df09222740ffa51f4da764ebc3d912cd0c9d56ab6a33cab522
- SSDEEP
  
  96:W7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:Iygp3FcHi0xhYMR8dMqJVgN
Score

3^/10

discovery
behavioral3 behavioral4