Analysis

  • max time kernel
    36s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:37

General

  • Target

    bin_2020-08-25_07-23.exe

  • Size

    196KB

  • MD5

    870a74fee07bf56ce6ba07e3eb5189a2

  • SHA1

    493005954a279c6c66121da6c9f5e342256600d5

  • SHA256

    12a4c66eb760b00767f525fdb8c82b4c726e88d1321ee1cebab6c15adbb4b9fd

  • SHA512

    d5d4ca77df23eea4cb8bc3f9e0345825f9c115b0dfe61263b22541610a3bf093c8fae132dd3113d9d25af36eb26066e412dc5f5873033fa6cdfbf77d70cbed71

Malware Config

Extracted

Family

azorult

C2

http://45.145.185.253/osees/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4

    suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4

Processes

  • C:\Users\Admin\AppData\Local\Temp\bin_2020-08-25_07-23.exe
    "C:\Users\Admin\AppData\Local\Temp\bin_2020-08-25_07-23.exe"
    1⤵
      PID:848

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/848-54-0x000000000342A000-0x000000000343B000-memory.dmp

            Filesize

            68KB

          • memory/848-55-0x0000000000020000-0x000000000003E000-memory.dmp

            Filesize

            120KB

          • memory/848-56-0x0000000075951000-0x0000000075953000-memory.dmp

            Filesize

            8KB

          • memory/848-57-0x0000000000400000-0x000000000331F000-memory.dmp

            Filesize

            47.1MB