Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:35

General

  • Target

    bin_2020-08-18_13-38.exe

  • Size

    224KB

  • MD5

    cfb911ee72e181cb17885cddd6d81b65

  • SHA1

    1ec609ddee6f48227b06c0155d400e907b7f734c

  • SHA256

    e9eb6182c7505ca4d757a8d70e671ccb79fc9baa153407a09712cbe072e3c7ac

  • SHA512

    7db5c582434dadfeccb9cc5d400bade9a1fde1bea31c8d697646279ce85b64b2f021a1639935c676dc6b252b01fea5062ffcf8069ff96c78140c35c50d745ebd

Malware Config

Extracted

Family

azorult

C2

http://45.145.185.253/osees/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • suricata: ET MALWARE AZORult Variant.4 Checkin M2

    suricata: ET MALWARE AZORult Variant.4 Checkin M2

  • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6

    suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6

Processes

  • C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe
    "C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe"
    1⤵
      PID:812

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/812-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

            Filesize

            8KB

          • memory/812-55-0x0000000001BEC000-0x0000000001BFD000-memory.dmp

            Filesize

            68KB

          • memory/812-56-0x0000000000220000-0x000000000023E000-memory.dmp

            Filesize

            120KB

          • memory/812-57-0x0000000000400000-0x0000000001AA1000-memory.dmp

            Filesize

            22.6MB