azorult | 8f856e9882d312f6a51f265796c6a68c1914d1c51c59fc1964484fa5ac130f34 | Triage

Sharing

General

Target

8f856e9882d312f6a51f265796c6a68c1914d1c51c59fc1964484fa5ac130f34.exe
Size

941KB
Sample

250116-dmvcrsymc1
MD5

ab99e49a4471901468bbbd9ccf228de0
SHA1

2b7302e1b24a9994e2924e97e627c1f5de23eaaa
SHA256

8f856e9882d312f6a51f265796c6a68c1914d1c51c59fc1964484fa5ac130f34
SHA512

bcda816d71aab2b798ed2d2764099eea01ce51c9a276377a0d5ca3aed4aaf328d700204dbbc8539d16eb70529d390d7113e7700c98652caa4512c2979ef9313c
SSDEEP

24576:YuA8/BOypdAGTekMh6RJNBIQll+hQT2jiux5A:+IBOypdAGTRrRFIQlluQsxq

Score

10^/10

azorult discovery execution infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://b2csa.icu/PL341/index.php

Targets

- Target
  
  8f856e9882d312f6a51f265796c6a68c1914d1c51c59fc1964484fa5ac130f34.exe
- Size
  
  941KB
- MD5
  
  ab99e49a4471901468bbbd9ccf228de0
- SHA1
  
  2b7302e1b24a9994e2924e97e627c1f5de23eaaa
- SHA256
  
  8f856e9882d312f6a51f265796c6a68c1914d1c51c59fc1964484fa5ac130f34
- SHA512
  
  bcda816d71aab2b798ed2d2764099eea01ce51c9a276377a0d5ca3aed4aaf328d700204dbbc8539d16eb70529d390d7113e7700c98652caa4512c2979ef9313c
- SSDEEP
  
  24576:YuA8/BOypdAGTekMh6RJNBIQll+hQT2jiux5A:+IBOypdAGTRrRFIQlluQsxq
Score

10^/10

discovery execution azorult infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Azorult family
  azorult
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  51e63a9c5d6d230ef1c421b2eccd45dc
- SHA1
  
  c499cdad5c613d71ed3f7e93360f1bbc5748c45d
- SHA256
  
  cd8496a3802378391ec425dec424a14f5d30e242f192ec4eb022d767f9a2480f
- SHA512
  
  c23d713c3c834b3397c2a199490aed28f28d21f5781205c24df5e1e32365985c8a55be58f06979df09222740ffa51f4da764ebc3d912cd0c9d56ab6a33cab522
- SSDEEP
  
  96:W7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:Iygp3FcHi0xhYMR8dMqJVgN
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

azorultdiscoveryexecutioninfostealertrojan

behavioral3

behavioral4