Overview

overview

10

Static

static

10

0f56c5738a...f08901

linux_amd64

0f56c5738a...f08901

linux_mipsel

0f56c5738a...f08901

linux_mips

219156c025...f0.exe

windows7_x64

10

219156c025...f0.exe

windows10_x64

10

2a0f53dd66...03.exe

windows7_x64

10

2a0f53dd66...03.exe

windows10_x64

10

36ef5e0db1...a0.exe

windows7_x64

10

36ef5e0db1...a0.exe

windows10_x64

10

4072fc745a...65.exe

windows7_x64

10

4072fc745a...65.exe

windows10_x64

10

42c8ded976...95.exe

windows7_x64

10

42c8ded976...95.exe

windows10_x64

10

52969fae09...5d.rtf

windows7_x64

10

52969fae09...5d.rtf

windows10_x64

10

571de4698e...31.exe

windows7_x64

10

571de4698e...31.exe

windows10_x64

10

57bb59a2c4...52.rtf

windows7_x64

10

57bb59a2c4...52.rtf

windows10_x64

10

662fbe23c8...0a.exe

windows7_x64

10

662fbe23c8...0a.exe

windows10_x64

10

70d5a71e82...91.dll

windows7_x64

1

70d5a71e82...91.dll

windows10_x64

1

71d384c258...86.exe

windows7_x64

10

71d384c258...86.exe

windows10_x64

10

79745c2263...9d.exe

windows7_x64

10

79745c2263...9d.exe

windows10_x64

10

83c46c1972...c3.exe

windows7_x64

10

83c46c1972...c3.exe

windows10_x64

10

8cecb6b01a...d0.exe

windows7_x64

10

8cecb6b01a...d0.exe

windows10_x64

10

a3feb5265e...66.exe

windows7_x64

10

Analysis

  • max time kernel
    21s
  • max time network
    119s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-07-2021 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    571de4698edff95c328d3521b11e800a3b9659ad55281dd7729b2ce2210ac931.exe

  • Size

    4.7MB

  • MD5

    a5ce2653f5f74c7ba7901f79cf9932a5

  • SHA1

    a6e4e0070694b6779627643c18850b9a16d047ee

  • SHA256

    571de4698edff95c328d3521b11e800a3b9659ad55281dd7729b2ce2210ac931

  • SHA512

    4b7d5662483e78b98841f25b61e5019424cf99e24ca7b7c87c011a0ca406b9cb8d0360aa42a260e2bdb5d1f731faddb726c13de13d8c6f6ef830f93c0da081a3

Score
10/10
azorultinfostealersuricatatrojanvmprotect

Malware Config

Extracted

Family

azorult

C2

http://185.189.151.50/7yhnm434/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M18
    suricata
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\571de4698edff95c328d3521b11e800a3b9659ad55281dd7729b2ce2210ac931.exe
    "C:\Users\Admin\AppData\Local\Temp\571de4698edff95c328d3521b11e800a3b9659ad55281dd7729b2ce2210ac931.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3628-114-0x0000000000CD0000-0x0000000000CD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3628-115-0x0000000000CE0000-0x0000000000CE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3628-116-0x0000000000400000-0x0000000000BA7000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/3628-117-0x0000000000BB0000-0x0000000000CFA000-memory.dmp
    Filesize

    1.3MB

    Download