Overview

overview

10

Static

static

c366d2e91b...59.exe

windows7_x64

10

c366d2e91b...59.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    66s
  • max time network
    72s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    14-05-2022 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe

  • Size

    664KB

  • MD5

    26a6ae57f34a46a63eb4a01922949e24

  • SHA1

    038fe99edcfd3297d2142102dae3bcafd7c6dad2

  • SHA256

    c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359

  • SHA512

    153c700d2b930ef83b75b85ceefe25d7e32d8295b164d9ec832776e0cdca9cc124d8c81084da2bce3761fe57baceda74e177ca7c2a88f7ec865c611dc5ab33b7

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://e4v5sa.xyz/PL341/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe
    "C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe
      "C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe"
      2⤵
        PID:1980
      • C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe
        "C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe"
        2⤵
          PID:1984
        • C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe
          "C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe"
          2⤵
            PID:2000
          • C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe
            "C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe"
            2⤵
              PID:2004
            • C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe
              "C:\Users\Admin\AppData\Local\Temp\c366d2e91be8589969d0a9ada092f3d1ba5586e2394ce811ba6ce06e00866359.exe"
              2⤵
                PID:1740

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1504-54-0x0000000000150000-0x00000000001FA000-memory.dmp
              Filesize

              680KB

              Download
            • memory/1504-55-0x0000000075271000-0x0000000075273000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1504-56-0x0000000000310000-0x0000000000322000-memory.dmp
              Filesize

              72KB

              Download
            • memory/1504-57-0x00000000051A0000-0x0000000005206000-memory.dmp
              Filesize

              408KB

              Download
            • memory/1504-58-0x0000000000910000-0x0000000000932000-memory.dmp
              Filesize

              136KB

              Download
            • memory/1740-59-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download
            • memory/1740-60-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download
            • memory/1740-62-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download
            • memory/1740-63-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download
            • memory/1740-64-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download
            • memory/1740-67-0x000000000041A684-mapping.dmp
              Download
            • memory/1740-66-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download
            • memory/1740-69-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download
            • memory/1740-71-0x0000000000400000-0x0000000000420000-memory.dmp
              Filesize

              128KB

              Download