Analysis
- max time kernel: 90s
- max time network: 112s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20/05/2022, 14:37
Static task: static1
Behavioral task: behavioral1
- Sample: bin_2020-08-25_07-23.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: bin_2020-08-25_07-23.exe
- Resource: win10v2004-20220414-en
General
- Target: bin_2020-08-25_07-23.exe
- Size: 196KB
- MD5: 870a74fee07bf56ce6ba07e3eb5189a2
- SHA1: 493005954a279c6c66121da6c9f5e342256600d5
- SHA256: 12a4c66eb760b00767f525fdb8c82b4c726e88d1321ee1cebab6c15adbb4b9fd
- SHA512: d5d4ca77df23eea4cb8bc3f9e0345825f9c115b0dfe61263b22541610a3bf093c8fae132dd3113d9d25af36eb26066e412dc5f5873033fa6cdfbf77d70cbed71
Malware Config
Extracted:
- azorult
- http://45.145.185.253/osees/index.php
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- suricata: ET MALWARE AZORult Variant.4 Checkin M2
- suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M13
- Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  952   2156         WerFault.exe   81
Processes
- C:\Users\Admin\AppData\Local\Temp\bin_2020-08-25_07-23.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bin_2020-08-25_07-23.exe"
  PID: 2156
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 1248
    Signature: Program crash
    PID: 952
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2156 -ip 2156
  PID: 4752