azorult | 5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5 | Triage

Analysis

max time kernel
155s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
14-05-2022 13:50

Sharing

Report Analysis Logs

General

Target

5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
Size

271KB
MD5

ebf990d08c9d277607ab0a152fb855a7
SHA1

561628b5bac3aada8764c58fd9d2a0a5a8d4a978
SHA256

5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5
SHA512

7157bac3abfce87a9ddd3f4cee3ca3e2f06aa4a15a3167fa9c9f11199930fb96780dcf070ab9e4b548fb7742e9a0f974b45465fae39cf292b6f3a3b1f2c28497

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://62.197.136.120/purelogs/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2932 2452 WerFault.exe 5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe

C:\Users\Admin\AppData\Local\Temp\5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
"C:\Users\Admin\AppData\Local\Temp\5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe"
1⤵
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 1236
2⤵
- Program crash
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2452 -ip 2452
1⤵
PID:812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2452-130-0x000000000060C000-0x000000000061E000-memory.dmp

Filesize
72KB

Download
memory/2452-131-0x00000000004B0000-0x00000000004CD000-memory.dmp

Filesize
116KB

Download
memory/2452-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download