Overview

overview

10

Static

static

fbb5cbfecd...d1.exe

windows7_x64

10

fbb5cbfecd...d1.exe

windows10_x64

10

Analysis

  • max time kernel
    30s
  • max time network
    104s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbb5cbfecd374946995e5810f61cb6feab04623cdc75d49ce5b6829d709ba2d1.exe

  • Size

    2.1MB

  • MD5

    605aef0d11af064adf362280eb67047f

  • SHA1

    30aba316686fab130b81dfc18b266bb88703b7cc

  • SHA256

    fbb5cbfecd374946995e5810f61cb6feab04623cdc75d49ce5b6829d709ba2d1

  • SHA512

    cc7b620e3c85347af518fcbf5b815c0f33bf85f96d7fa25aa66b5a9e3c60e823d9e81defc8011dfbc56ef569816dfa34676445b2b85c80fa155800410d2bcfeb

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://185.222.58.102/wal/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbb5cbfecd374946995e5810f61cb6feab04623cdc75d49ce5b6829d709ba2d1.exe
    "C:\Users\Admin\AppData\Local\Temp\fbb5cbfecd374946995e5810f61cb6feab04623cdc75d49ce5b6829d709ba2d1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Users\Admin\AppData\Local\Temp\fbb5cbfecd374946995e5810f61cb6feab04623cdc75d49ce5b6829d709ba2d1.exe
      "C:\Users\Admin\AppData\Local\Temp\fbb5cbfecd374946995e5810f61cb6feab04623cdc75d49ce5b6829d709ba2d1.exe"
      2⤵
        PID:3300

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3300-7-0x0000000000400000-0x0000000000420000-memory.dmp
      Filesize

      128KB

      Download
    • memory/3300-8-0x000000000041A684-mapping.dmp
      Download
    • memory/3300-9-0x0000000000400000-0x0000000000420000-memory.dmp
      Filesize

      128KB

      Download
    • memory/4756-0-0x00000000732D0000-0x00000000739BE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4756-1-0x00000000000C0000-0x00000000000C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4756-3-0x0000000005030000-0x0000000005031000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4756-4-0x0000000002650000-0x0000000002690000-memory.dmp
      Filesize

      256KB

      Download
    • memory/4756-5-0x0000000004BA0000-0x0000000004BA1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4756-6-0x0000000004B70000-0x0000000004B86000-memory.dmp
      Filesize

      88KB

      Download