azorult | 3278e9c4c457276373847b00e038409b6a14170cf4cedf0879c757df80040247

Analysis

Target

OVERVIEW OF THE PROJECT.exe
Size

777KB
MD5

d4cc17b2b89c9533de2c0b2bf6805e13
SHA1

b5eb101333f67d60ea3b4d3725f76220a93194ad
SHA256

3278e9c4c457276373847b00e038409b6a14170cf4cedf0879c757df80040247
SHA512

cacf35815d2bbd5fcf0ddb15ea73b0ccf4161ad952e786565c18f5b9fc7c01cdc567b385b08c74d676f28db13443a4c946ab709270b468cd7398eeaa67e57ea8

Score

10^/10

Family

azorult

http://31.210.20.121/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Suspicious use of SetThreadContext 1 IoCs

Processes:

OVERVIEW OF THE PROJECT.exe

description pid process target process

PID 1684 set thread context of 1448 1684 OVERVIEW OF THE PROJECT.exe OVERVIEW OF THE PROJECT.exe

description	pid	process	target process
PID 1684 set thread context of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

OVERVIEW OF THE PROJECT.exe

description	pid	process	target process
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe
PID 1684 wrote to memory of 1448	1684	OVERVIEW OF THE PROJECT.exe	OVERVIEW OF THE PROJECT.exe

C:\Users\Admin\AppData\Local\Temp\OVERVIEW OF THE PROJECT.exe
"{path}"
2⤵
PID:1448

memory/1448-62-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1448-63-0x000000000041A1F8-mapping.dmp

Download
memory/1448-65-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1684-59-0x0000000075B31000-0x0000000075B33000-memory.dmp

Filesize
8KB

Download
memory/1684-60-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1684-61-0x0000000000221000-0x0000000000222000-memory.dmp

Filesize
4KB

Download