azorult | 8d3bc970595e1d81d09d72f32d2395c4212cecb7bf7f42a74d349708409a2fea | Triage

Analysis

max time kernel
138s
max time network
146s
platform
windows7_x64
resource
win7
submitted
30-06-2020 05:45

Sharing

Report Analysis Logs

General

Target

Data Sheet.exe
Size

285KB
MD5

7c535999a654c1cae8fe88ae17a54f9e
SHA1

b008e71d40074ad2c715f32514835b07436212ab
SHA256

8d3bc970595e1d81d09d72f32d2395c4212cecb7bf7f42a74d349708409a2fea
SHA512

15ac842cdc1e4ff69f2d7fb21cd38377affd1dd172b38407a9b752b69bd9817cef668c17b9a34d4ff9498a221d042bd84e9dee14f7139072177b5711ccd47307

Score

10^/10

trojan infostealer azorult

Malware Config

Extracted

Family

azorult

C2

http://165.22.238.171/index.php

Signatures

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

Data Sheet.exe

description	pid	process	target process
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe
PID 1060 wrote to memory of 1436	1060	Data Sheet.exe	Data Sheet.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

Data Sheet.exe

description pid process target process

PID 1060 set thread context of 1436 1060 Data Sheet.exe Data Sheet.exe
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

C:\Users\Admin\AppData\Local\Temp\Data Sheet.exe
"C:\Users\Admin\AppData\Local\Temp\Data Sheet.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:1060

C:\Users\Admin\AppData\Local\Temp\Data Sheet.exe
"{path}"
2⤵
PID:1436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1060-1-0x0000000000000000-0x0000000000000000-disk.dmp

Download
memory/1436-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1436-3-0x000000000041A1F8-mapping.dmp

Download
memory/1436-4-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download