Analysis

  • max time kernel
    90s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20/05/2022, 14:37

General

  • Target

    bin_2020-08-25_07-23.exe

  • Size

    196KB

  • MD5

    870a74fee07bf56ce6ba07e3eb5189a2

  • SHA1

    493005954a279c6c66121da6c9f5e342256600d5

  • SHA256

    12a4c66eb760b00767f525fdb8c82b4c726e88d1321ee1cebab6c15adbb4b9fd

  • SHA512

    d5d4ca77df23eea4cb8bc3f9e0345825f9c115b0dfe61263b22541610a3bf093c8fae132dd3113d9d25af36eb26066e412dc5f5873033fa6cdfbf77d70cbed71

Malware Config

Extracted

Family

azorult

C2

http://45.145.185.253/osees/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • suricata: ET MALWARE AZORult Variant.4 Checkin M2

    suricata: ET MALWARE AZORult Variant.4 Checkin M2

  • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M13

    suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M13

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bin_2020-08-25_07-23.exe
    "C:\Users\Admin\AppData\Local\Temp\bin_2020-08-25_07-23.exe"
    1⤵
      PID:2156
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 1248
        2⤵
        • Program crash
        PID:952
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2156 -ip 2156
      1⤵
        PID:4752

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2156-130-0x0000000003517000-0x0000000003529000-memory.dmp

              Filesize

              72KB

            • memory/2156-131-0x0000000003430000-0x000000000344E000-memory.dmp

              Filesize

              120KB

            • memory/2156-132-0x0000000000400000-0x000000000331F000-memory.dmp

              Filesize

              47.1MB