azorult | 3032fe1f3ccba6331c1f3efd27b12672be276656e86435942874dc41f17ef0dd | Triage

Analysis

max time kernel
144s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
14-05-2022 13:50

Sharing

Report Analysis Logs

General

Target

3032fe1f3ccba6331c1f3efd27b12672be276656e86435942874dc41f17ef0dd.exe
Size

261KB
MD5

170f2f204584c4037c240c06ef116644
SHA1

4b83b83a819273ba2bd875b022fb6632b5042f61
SHA256

3032fe1f3ccba6331c1f3efd27b12672be276656e86435942874dc41f17ef0dd
SHA512

073fbf28e5a1661f74957417afaa9422e3f0ec4de1831b732a48197f43865a57dce4e7b975d6f9133f6da2e41ee7f43911cc6647780484b09c4a9cf816f1218b

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://62.197.136.120/purelogs/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3652 3764 WerFault.exe 3032fe1f3ccba6331c1f3efd27b12672be276656e86435942874dc41f17ef0dd.exe

C:\Users\Admin\AppData\Local\Temp\3032fe1f3ccba6331c1f3efd27b12672be276656e86435942874dc41f17ef0dd.exe
"C:\Users\Admin\AppData\Local\Temp\3032fe1f3ccba6331c1f3efd27b12672be276656e86435942874dc41f17ef0dd.exe"
1⤵
PID:3764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 1228
  2⤵
  - Program crash
  PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3764 -ip 3764
1⤵
PID:4728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3764-131-0x00000000021C0000-0x00000000021D1000-memory.dmp

Filesize
68KB

Download
memory/3764-132-0x00000000021E0000-0x00000000021FD000-memory.dmp

Filesize
116KB

Download
memory/3764-133-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download