Analysis
-
max time kernel
136s -
max time network
143s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
05-05-2021 10:06
General
-
Target
Req for Quote.exe
-
Size
1.1MB
-
MD5
3edf540c2cac6f08dd893c30ee05e392
-
SHA1
ebe6d5f431e029976d6a63e752d78a2ade56a737
-
SHA256
a7167a16b72e8a302fd2861103595f01d20f1440d98945fadbbd0dca0425e089
-
SHA512
05e6b9ffb1d25673ba9c6cdbf5f3b69a6bb9c6fac2618a5bd0be9aa4fd365f273f73384c60afffe0eaeeb083c1df95d5adc737f6f3174762bf4bef320f036ad8
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://31.210.21.194/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Req for Quote.exe"C:\Users\Admin\AppData\Local\Temp\Req for Quote.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Req for Quote.exe"{path}"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/808-114-0x00000000024A0000-0x00000000024A1000-memory.dmpFilesize
4KB
-
memory/936-116-0x000000000041A1F8-mapping.dmp
-
memory/936-115-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/936-117-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB