azorult | dd860b1b9612e733d8f0985148b1f47cd9361243ccb729c3b6c3c2280461e157 | Triage

Submit
Reports

Overview

overview

Static

static

3

ba4048bd09...18.exe

windows7-x64

ba4048bd09...18.exe

windows10-2004-x64

Sharing

General

Target

ba4048bd09b860638952397c4bf83eeb_JaffaCakes118
Size

7.4MB
Sample

240618-ammfdatgnk
MD5

ba4048bd09b860638952397c4bf83eeb
SHA1

7d0b68938d8bed360310d4b6a1d90112640b832a
SHA256

dd860b1b9612e733d8f0985148b1f47cd9361243ccb729c3b6c3c2280461e157
SHA512

7666bc99fec316f2d053d39cf64a3ad9dcc7487edfa9926d63b8a0dc89fcdfc1208d3d983c90cf1c83bcaaba86166b1af7c2bb6172941dc10c62965f24338a89
SSDEEP

196608:+jAIMBqN2/6NgE3aIOGW5ueQvD5LHMY8QU4PzETeS:+jMBqNX3leQvFmQU4L0d

Score

10^/10

azorult discovery infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ba4048bd09b860638952397c4bf83eeb_JaffaCakes118.exe

Resource

win7-20240221-en

azorult infostealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba4048bd09b860638952397c4bf83eeb_JaffaCakes118.exe

Resource

win10v2004-20240508-en

azorult discovery infostealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  ba4048bd09b860638952397c4bf83eeb_JaffaCakes118
- Size
  
  7.4MB
- MD5
  
  ba4048bd09b860638952397c4bf83eeb
- SHA1
  
  7d0b68938d8bed360310d4b6a1d90112640b832a
- SHA256
  
  dd860b1b9612e733d8f0985148b1f47cd9361243ccb729c3b6c3c2280461e157
- SHA512
  
  7666bc99fec316f2d053d39cf64a3ad9dcc7487edfa9926d63b8a0dc89fcdfc1208d3d983c90cf1c83bcaaba86166b1af7c2bb6172941dc10c62965f24338a89
- SSDEEP
  
  196608:+jAIMBqN2/6NgE3aIOGW5ueQvD5LHMY8QU4PzETeS:+jMBqNX3leQvFmQU4L0d
Score

10^/10

azorult infostealer trojan discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultinfostealertrojan

behavioral2

azorultdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy