Analysis
- max time kernel: 155s
- max time network: 167s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 14-05-2022 13:50
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
  Resource: win7-20220414-en
- Behavioral task: behavioral2
  Sample: 5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
  Resource: win10v2004-20220414-en
General
- Target: 5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
- Size: 271KB
- MD5: ebf990d08c9d277607ab0a152fb855a7
- SHA1: 561628b5bac3aada8764c58fd9d2a0a5a8d4a978
- SHA256: 5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5
- SHA512: 7157bac3abfce87a9ddd3f4cee3ca3e2f06aa4a15a3167fa9c9f11199930fb96780dcf070ab9e4b548fb7742e9a0f974b45465fae39cf292b6f3a3b1f2c28497
Malware Config (extracted)
- Family: azorult
- URL: http://62.197.136.120/purelogs/index.php
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Program crash (1 IoC)
  Processes:
  pid   pid_target   process        target process
  2932  2452         WerFault.exe   5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 1236
    Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2452 -ip 2452