Analysis

  • max time kernel
    39s
  • max time network
    65s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    07-04-2021 14:33

General

  • Target

    RFQ#4734.exe

  • Size

    693KB

  • MD5

    023215924c23ad657d1548b49c5770bc

  • SHA1

    990870961f821b677eb246dcfe0822b7b11b22b6

  • SHA256

    0ce4f6e71e484cebce7f69ca5be2c4ad6af62a637c7aa1e303052e43e0355720

  • SHA512

    2121e953ed3ca016d54b770b18c36e3c461c5aa58fc790ec60a9c7ef4aeac621f35197a61b4c9e83aef4e4941bb872255fe1713ab713a115eb47eca4604a8fcc

Malware Config

Extracted

  • Family
    azorult
  • C2
    http://108.61.161.76/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ#4734.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ#4734.exe"
    1⤵
    PID:1456
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\RFQ#4734.exe
      "{path}"
      2⤵
      PID:744
    • C:\Users\Admin\AppData\Local\Temp\RFQ#4734.exe
      "{path}"
      2⤵
      PID:1176

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1176-3-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize: 128KB
  • memory/1176-4-0x000000000041A1F8-mapping.dmp
  • memory/1176-5-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize: 128KB
  • memory/1456-2-0x0000000001600000-0x0000000001601000-memory.dmp
    Filesize: 4KB