AZORult Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Tags
cmtmf-attack-pattern: Application Layer Protocol; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Masquerading; Obfuscated Files Or Information; Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern: Data Software Discovery - T1418; Application Layer Protocol - T1437; Boot Or Logon Autostart Execution - T1547; Clipboard Data - T1414; Command And Scripting Interpreter - T1623; Control Panel - T1218.002; Credentials In Files - T1552.001; Credentials In Registry - T1552.002; Data From Local System - T1533; Digital Certificates - T1596.003; Digital Certificates - T1587.003; Digital Certificates - T1588.004; Dll Side-Loading - T1574.002; Dns - T1071.004; Dns - T1590.002; Domains - T1583.001; Domains - T1584.001; Embedded Payloads - T1027.009; Encrypted Channel - T1521; Encrypted Channel - T1573; File And Directory Discovery - T1420; File And Directory Permissions Modification - T1222; Hidden Window - T1564.003; Hide Artifacts - T1628; Hide Artifacts - T1564; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Ip Addresses - T1590.005; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Native Api - T1575; Powershell - T1059.001; Process Injection - T1631; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Shortcut Modification - T1547.009; Software - T1592.002; Software Discovery - T1518; Software Packing - T1027.002; Software Packing - T1406.002; System Shutdown/Reboot - T1529; Timestomp - T1070.006; Virtualization/Sandbox Evasion - T1497; Video Capture - T1512; Unsecured Credentials - T1552; Virtualization/Sandbox Evasion - T1633; Standard Application Layer Protocol - T1071; Application Window Discovery - T1010; Clipboard Data - T1115; Command-Line Interface - T1059; Credential Dumping - T1003; Credentials In Files - T1081; Credentials In Registry - T1214; Data From Local System - T1005; Deobfuscate/Decode Files Or Information - T1140; Dll Side-Loading - T1073; Email Collection - T1114; Execution Through Api - T1106; Execution Through Module Load - T1129; File And Directory Discovery - T1083; Hidden Window - T1143; Indicator Removal On Host - T1070; Masquerading - T1036; Modify Registry - T1112; Standard Non-Application Layer Protocol - T1095; Obfuscated Files Or Information - T1027; Powershell - T1086; Process Discovery - T1057; Process Injection - T1055; Query Registry - T1012; Remote System Discovery - T1018; Scripting - T1064; Security Software Discovery - T1063; Shortcut Modification - T1023; Software Packing - T1045; System Information Discovery - T1082; Windows Management Instrumentation - T1047; Timestomp - T1099; Video Capture - T1125; Masquerading; Remote System Discovery; Scripting
Common Information
Type Value
UUID f6ef2dd3-7bc9-424c-80ee-0c1a53a7c666
Fingerprint ba2479746df38591
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 4, 2024, 5:49 a.m.
Added to db Sept. 4, 2024, 8:38 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline AZORult Malware: Technical Analysis
Title AZORult Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Detected Hints/Tags/Attributes 135/3/71
RSS Feed
Id Enabled Feed title Url Added to db
14 ANY.RUN's Cybersecurity Blog https://any.run/cybersecurity-blog/feed/ 2024-08-30 22:08
Attributes