Overview

overview

10

Static

static

RFQ 11054.exe

windows7_x64

10

RFQ 11054.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    30-04-2021 09:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ 11054.exe

  • Size

    922KB

  • MD5

    927af771cdf72afe226edace22bf6c04

  • SHA1

    34420017b8a8d5c3ed6f039c11a756c193765de7

  • SHA256

    a6203ca5a80eb73bf0f245a482f68ce1ed689d9d57bfd943b3a82cdbc686391a

  • SHA512

    1a9ff3d13c653f79f188820d409a1d219f1573e77d68ecc1755105f107ea10135b796b98b0a68e2e39e4dc01b0b758a80108fbd9ead1daa4a95d19a00c450784

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://13.233.97.208/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ 11054.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ 11054.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3904
    • C:\Users\Admin\AppData\Local\Temp\RFQ 11054.exe
      "{path}"
      2⤵
        PID:64

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/64-115-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/64-116-0x000000000041A1F8-mapping.dmp

      Download

    • memory/64-117-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3904-114-0x0000000002E00000-0x0000000002E01000-memory.dmp

      Filesize

      4KB

      Download