azorult | 3d519d709febd4bcc501ea8ba6ddd8e341c347a63f7a5085704d06544658492f | Triage

Submit
Reports

Overview

overview

Static

static

_____640.exe

windows7_x64

_____640.exe

windows10-2004_x64

Sharing

General

Target

3d519d709febd4bcc501ea8ba6ddd8e341c347a63f7a5085704d06544658492f
Size

1.4MB
Sample

220521-b6lhvsdag5
MD5

b93727f9a4bb67ad70bd24e108d46160
SHA1

f598d3a05a0c37ecf1e386d0fd028abb127e55a4
SHA256

3d519d709febd4bcc501ea8ba6ddd8e341c347a63f7a5085704d06544658492f
SHA512

56c85e83e6b320277241ffa4f5a834ef185024bfbf055b5139dc5973ee0992dad65ef47e2503a18df94c2b88dc229cf19cf9e728636107ff7e7e43c5268cc0ef

Score

10^/10

azorult netwire botnet infostealer rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

_____640.exe

Resource

win7-20220414-en

azorult netwire botnet infostealer rat stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

_____640.exe

Resource

win10v2004-20220414-en

azorult netwire botnet infostealer rat stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

https://gemateknindoperkasa.co.id/imag/index.php

Extracted

Family

netwire

C2

174.127.99.159:7882

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
May-B
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
Password
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  _____640.EXE
- Size
  
  931KB
- MD5
  
  836cda1d8a9718485cc9f9653530c2d9
- SHA1
  
  fca85ff9aa624547d9a315962d82388c300edac1
- SHA256
  
  d3793a581da66ef5840648574ce364846e7c68a559c0f5e49faf9e4892ecdc72
- SHA512
  
  07ca078d79f622706d08a534f6b5e2c896152fb0d0e452781fa6be5dc90028fdf074b3b78acac438f2acf5b3f5522e70afb7db4551874a3083860213e2790481
Score

10^/10

azorult netwire botnet infostealer rat stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultnetwirebotnetinfostealerratstealertrojan

behavioral2

azorultnetwirebotnetinfostealerratstealertrojan

© 2018-2024

Terms | Privacy