azorult | 96f757110069e6d69ce2e7c624546dfe9b239f7e2418e3b3585d32013b2cf838 | Triage

Submit
Reports

Overview

overview

Static

static

3

96f7571100...8N.exe

windows7-x64

96f7571100...8N.exe

windows10-2004-x64

Sharing

General

Target

96f757110069e6d69ce2e7c624546dfe9b239f7e2418e3b3585d32013b2cf838N.exe
Size

653KB
Sample

250216-dg9v9symel
MD5

dda6fc3c4eba8de0e9f4ea9fef679be0
SHA1

43e1a8c1f259042e8080ebda0d52d44f402739a0
SHA256

96f757110069e6d69ce2e7c624546dfe9b239f7e2418e3b3585d32013b2cf838
SHA512

d405d54aacb0cecf7c5deeed1ea4007dd8abe7ab65bdf1a88cef43adafb60477a086a48b225e1a3d6871632e41f6b0ac36d5d52341fd5efaab676ab75d6103ff
SSDEEP

12288:Ay6DtFmTew940ra5aDMAS5e89OQIOXLE8kfyxD8Mh8oXSeaMNIg3qIm:Ay6DtFmT1MAS5e85jLQ2D8CXSgag6I

Score

10^/10

azorult discovery infostealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

96f757110069e6d69ce2e7c624546dfe9b239f7e2418e3b3585d32013b2cf838N.exe

Resource

win7-20241010-en

azorult discovery infostealer trojan upx

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

96f757110069e6d69ce2e7c624546dfe9b239f7e2418e3b3585d32013b2cf838N.exe

Resource

win10v2004-20250211-en

azorult discovery infostealer trojan upx

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

azorult

C2

http://185.207.204.48/a/gate.php

Targets

- Target
  
  96f757110069e6d69ce2e7c624546dfe9b239f7e2418e3b3585d32013b2cf838N.exe
- Size
  
  653KB
- MD5
  
  dda6fc3c4eba8de0e9f4ea9fef679be0
- SHA1
  
  43e1a8c1f259042e8080ebda0d52d44f402739a0
- SHA256
  
  96f757110069e6d69ce2e7c624546dfe9b239f7e2418e3b3585d32013b2cf838
- SHA512
  
  d405d54aacb0cecf7c5deeed1ea4007dd8abe7ab65bdf1a88cef43adafb60477a086a48b225e1a3d6871632e41f6b0ac36d5d52341fd5efaab676ab75d6103ff
- SSDEEP
  
  12288:Ay6DtFmTew940ra5aDMAS5e89OQIOXLE8kfyxD8Mh8oXSeaMNIg3qIm:Ay6DtFmT1MAS5e85jLQ2D8CXSgag6I
Score

10^/10

azorult discovery infostealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Azorult family
  azorult
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultdiscoveryinfostealertrojanupx

behavioral2

azorultdiscoveryinfostealertrojanupx

© 2018-2025

Terms | Privacy