Malware Analysis Report

2025-08-10 19:44

Sample ID 220520-rx47lsbefr
Target 3f8fda11518ddeef757b86d3cb3e4ec0e6b7ce697949b77e980ea1d7285fc137
SHA256 3f8fda11518ddeef757b86d3cb3e4ec0e6b7ce697949b77e980ea1d7285fc137
Tags
azorult infostealer suricata trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3f8fda11518ddeef757b86d3cb3e4ec0e6b7ce697949b77e980ea1d7285fc137

Threat Level: Known bad

The file 3f8fda11518ddeef757b86d3cb3e4ec0e6b7ce697949b77e980ea1d7285fc137 was found to be: Known bad.

Malicious Activity Summary

azorult infostealer suricata trojan

Azorult

suricata: ET MALWARE AZORult Variant.4 Checkin M2

suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-05-20 14:35

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-05-20 14:35

Reported

2022-05-20 16:22

Platform

win10v2004-20220414-en

Max time kernel

1s

Max time network

382s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe

"C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe"

Network

Country Destination Domain Proto
FR 2.16.119.157:443 tcp
NL 104.110.191.140:80 tcp
FR 2.16.119.157:443 tcp
NL 104.110.191.133:80 tcp
NL 104.110.191.133:80 tcp
NL 104.110.191.133:80 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-05-20 14:35

Reported

2022-05-20 16:15

Platform

win7-20220414-en

Max time kernel

42s

Max time network

46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe"

Signatures

Azorult

trojan infostealer azorult

suricata: ET MALWARE AZORult Variant.4 Checkin M2

suricata

suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6

suricata

Processes

C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe

"C:\Users\Admin\AppData\Local\Temp\bin_2020-08-18_13-38.exe"

Network

Country Destination Domain Proto
US 45.145.185.253:80 45.145.185.253 tcp
US 45.145.185.253:80 45.145.185.253 tcp

Files

memory/812-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

memory/812-55-0x0000000001BEC000-0x0000000001BFD000-memory.dmp

memory/812-56-0x0000000000220000-0x000000000023E000-memory.dmp

memory/812-57-0x0000000000400000-0x0000000001AA1000-memory.dmp