Overview

overview

10

Static

static

TNT SHIPPI...NT.exe

windows7_x64

10

TNT SHIPPI...NT.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TNT SHIPPING DOCUMENT.exe

  • Size

    267KB

  • MD5

    4d921621521f649ea4741d7687f4fa34

  • SHA1

    01118b049ea747d80ed65742f95c88f16fe92cdb

  • SHA256

    94d39d6f9db604c0b356bb0115d361c9243bc67cb9a657e5310debed783cb6d3

  • SHA512

    6ee927ef7f43aac9e75a9c3e43cd4cd9b51de1973709fb21a7c4e027e77622cd5b5e143b7670535e7a7a580800a5d8b9549d8e106a1f508290c53f3d58708e3f

Score
10/10
azorultevasioninfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://waterchem.com.tr/css/Panel/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Looks for VirtualBox Guest Additions in registry 2 TTPs
    evasion
  • Looks for VMWare Tools registry key 2 TTPs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Uses the VBS compiler for execution 1 TTPs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TNT SHIPPING DOCUMENT.exe
    "C:\Users\Admin\AppData\Local\Temp\TNT SHIPPING DOCUMENT.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "{path}"
      2⤵
        PID:2792

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2520-130-0x0000000074C10000-0x00000000751C1000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2792-131-0x0000000000000000-mapping.dmp

      Download

    • memory/2792-132-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2792-134-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2792-135-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download