Overview

overview

10

Static

static

10

0f56c5738a...f08901

linux_amd64

0f56c5738a...f08901

linux_mipsel

0f56c5738a...f08901

linux_mips

219156c025...f0.exe

windows7_x64

10

219156c025...f0.exe

windows10_x64

10

2a0f53dd66...03.exe

windows7_x64

10

2a0f53dd66...03.exe

windows10_x64

10

36ef5e0db1...a0.exe

windows7_x64

10

36ef5e0db1...a0.exe

windows10_x64

10

4072fc745a...65.exe

windows7_x64

10

4072fc745a...65.exe

windows10_x64

10

42c8ded976...95.exe

windows7_x64

10

42c8ded976...95.exe

windows10_x64

10

52969fae09...5d.rtf

windows7_x64

10

52969fae09...5d.rtf

windows10_x64

10

571de4698e...31.exe

windows7_x64

10

571de4698e...31.exe

windows10_x64

10

57bb59a2c4...52.rtf

windows7_x64

10

57bb59a2c4...52.rtf

windows10_x64

10

662fbe23c8...0a.exe

windows7_x64

10

662fbe23c8...0a.exe

windows10_x64

10

70d5a71e82...91.dll

windows7_x64

1

70d5a71e82...91.dll

windows10_x64

1

71d384c258...86.exe

windows7_x64

10

71d384c258...86.exe

windows10_x64

10

79745c2263...9d.exe

windows7_x64

10

79745c2263...9d.exe

windows10_x64

10

83c46c1972...c3.exe

windows7_x64

10

83c46c1972...c3.exe

windows10_x64

10

8cecb6b01a...d0.exe

windows7_x64

10

8cecb6b01a...d0.exe

windows10_x64

10

a3feb5265e...66.exe

windows7_x64

10

Analysis

  • max time kernel
    123s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30-07-2021 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    219156c02502e38cfd6273b4293f737b8404c043de6df402b322e813f3a223f0.exe

  • Size

    135KB

  • MD5

    164076414dd3be991ebc9d4d17101296

  • SHA1

    0fa986a6834c79eb1b756b1a05954d96a770e4d7

  • SHA256

    219156c02502e38cfd6273b4293f737b8404c043de6df402b322e813f3a223f0

  • SHA512

    16e004f19d1466142d190094f7dfa0a89e61b45f1e1e161822fb0934635dfd514bf00c4020bfa6fbf2f177c1491f528be9f66fcc15f6f1ca1ecc897d01cd9d21

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://cskbtr.atspace.co.uk/my_profile/res/

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\219156c02502e38cfd6273b4293f737b8404c043de6df402b322e813f3a223f0.exe
    "C:\Users\Admin\AppData\Local\Temp\219156c02502e38cfd6273b4293f737b8404c043de6df402b322e813f3a223f0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Users\Admin\AppData\Local\Temp\windowsmediaplayer.exe
      C:\Users\Admin\AppData\Local\Temp\windowsmediaplayer.exe
      2⤵
      • Executes dropped EXE
      PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\windowsmediaplayer.exe
    MD5

    ed797d8dc2c92401985d162e42ffa450

    SHA1

    0f02fc517c7facc4baefde4fe9467fb6488ebabe

    SHA256

    b746362010a101cb5931bc066f0f4d3fc740c02a68c1f37fc3c8e6c87fd7cb1e

    SHA512

    e831a6ff987f3ef29982da16afad06938b68eddd43c234ba88d1c96a1b5547f2284baf35cbb3a5bfd75e7f0445d14daa014e0ba00b4db72c67f83f0a314c80c2

    Download Submit
  • \Users\Admin\AppData\Local\Temp\windowsmediaplayer.exe
    MD5

    ed797d8dc2c92401985d162e42ffa450

    SHA1

    0f02fc517c7facc4baefde4fe9467fb6488ebabe

    SHA256

    b746362010a101cb5931bc066f0f4d3fc740c02a68c1f37fc3c8e6c87fd7cb1e

    SHA512

    e831a6ff987f3ef29982da16afad06938b68eddd43c234ba88d1c96a1b5547f2284baf35cbb3a5bfd75e7f0445d14daa014e0ba00b4db72c67f83f0a314c80c2

    Download Submit
  • memory/908-65-0x000000000041A684-mapping.dmp
    Download
  • memory/908-64-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize

    128KB

    Download
  • memory/908-67-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1924-59-0x0000000000980000-0x0000000000981000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1924-61-0x0000000076691000-0x0000000076693000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1924-62-0x0000000004D20000-0x0000000004D21000-memory.dmp
    Filesize

    4KB

    Download