Overview

overview

10

Static

static

8

8c48a2f0aa...91.exe

windows7_x64

10

8c48a2f0aa...91.exe

windows10_x64

10

Analysis

  • max time kernel
    29s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    15-05-2021 04:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c48a2f0aa0403e96690e4f44e37caf8cdfc46a2435bda060d957cd55312fe91.exe

  • Size

    738KB

  • MD5

    bc4a5ca7b0a92b47712b17dc6785b0b2

  • SHA1

    f770a906bef618fb4d38ccfe1b0503746ac8403a

  • SHA256

    8c48a2f0aa0403e96690e4f44e37caf8cdfc46a2435bda060d957cd55312fe91

  • SHA512

    ce025646b46327f51b91f6d743f4ff74b71244e9a4601d2b53d104b4c1445a1231527e254864b8f502f867ec477d2e6956ab8e713c87a1077578072b7391c43e

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://www.lootchem.com/nams/Panel/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Drops startup file 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c48a2f0aa0403e96690e4f44e37caf8cdfc46a2435bda060d957cd55312fe91.exe
    "C:\Users\Admin\AppData\Local\Temp\8c48a2f0aa0403e96690e4f44e37caf8cdfc46a2435bda060d957cd55312fe91.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Users\Admin\AppData\Local\Temp\8c48a2f0aa0403e96690e4f44e37caf8cdfc46a2435bda060d957cd55312fe91.exe
      "C:\Users\Admin\AppData\Local\Temp\8c48a2f0aa0403e96690e4f44e37caf8cdfc46a2435bda060d957cd55312fe91.exe"
      2⤵
        PID:1408

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1408-60-0x00000000000C0000-0x00000000000E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1408-64-0x00000000000DA1F8-mapping.dmp

      Download

    • memory/1948-59-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1948-66-0x00000000001E0000-0x00000000001E1000-memory.dmp

      Filesize

      4KB

      Download