azorult | 77f10cc3bf2e9534ed7354b016c467e3affcebab83eb77508d7990e5b7be2cad | Triage

Sharing

General

Target

20032025_0342_17032025_HSBC_PAYMENT_ADVICE.zip
Size

960KB
Sample

250320-ee8qvssxex
MD5

d65db2ce9c7016872194031411be392d
SHA1

8eec0dc5055c37591acac3786f99436ec1b6d3a0
SHA256

77f10cc3bf2e9534ed7354b016c467e3affcebab83eb77508d7990e5b7be2cad
SHA512

856077f772709c11201d1a075a05bf8bbf75a668998bbf073448cce321f45a6706e89792db43f648f1a314580a33124c2390fee451f32ff7f1c6429130b8165f
SSDEEP

24576:lkuwcDp9LmdkQpGq+BM1GyzOMHxbmxmZMihqjLcEU4WB:OgLmdHGv4zOMIIxq3VrWB

Score

10^/10

azorult guloader discovery downloader infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://j4b2.icu/TL341/index.php

Targets

- Target
  
  HSBC_PAYMENT_ADVICE.exe
- Size
  
  990KB
- MD5
  
  5c09efb4b470be007ec32c8b75573778
- SHA1
  
  56bf0096d00744a62ebc6d92a8d946f0ea640bc3
- SHA256
  
  a2c99657a4ad9ee39ac142a3a531378b58b716cc08af27046667cee10c3c07d2
- SHA512
  
  392bdc9e67ff1088e8a7257da1a558be4dd917873f5fcdf49693411d1afad9e04dc05e15755ae15d31d296d6584f2f110572c2002a83da074a277f2c65c373b1
- SSDEEP
  
  24576:hK5QwkDX9VadkI7t+7MC8dyz4M1VTMtYZMQh+LLYEUoA:GuVaddIB8Mz4Mgq9+/RrA
Score

10^/10

azorult guloader discovery downloader infostealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Azorult family
  azorult
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  174708997758321cf926b69318c6c3f5
- SHA1
  
  645488089bf320f6864e0d0bc284c85216e56fbd
- SHA256
  
  f577b66492e97c7b8bf515398d8deb745abafd74f56fc03e67fce248ebbeb873
- SHA512
  
  214433597e04ca1ff9b4fe092d5d2997707a7c56f0f82c85d586088a200e4455028f3b9427d87b4f06f9252557d5be4b7a9138ea6a8d045df6209421fd8ca054
- SSDEEP
  
  48:S46+/ZTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mCofjLl:zDuPbOBtWZBV8jAWiAJCdv2CmpL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0ff2d70cfdc8095ea99ca2dabbec3cd7
- SHA1
  
  10c51496d37cecd0e8a503a5a9bb2329d9b38116
- SHA256
  
  982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
- SHA512
  
  cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e
- SSDEEP
  
  192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultguloaderdiscoverydownloaderinfostealertrojan

behavioral2

azorultguloaderdiscoverydownloaderinfostealertrojan

behavioral3

behavioral4

behavioral5

behavioral6