Analysis
- max time kernel: 94s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21-05-2022 19:47
- Static task: static1
- Behavioral task: behavioral1
  - Sample: bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe
  - Resource: win7-20220414-en
- Behavioral task: behavioral2
  - Sample: bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe
  - Resource: win10v2004-20220414-en
General
- Target: bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe
- Size: 245KB
- MD5: 9a2e047b25549531c3356a6cf1b6bd81
- SHA1: e53961c9d5682c596d145ff7159021fb9ae38c16
- SHA256: bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641
- SHA512: 92b9e34aa9c533fb707cf4cb91a7f619a9895012ab318997122389dd922c1a38b621863fb59d0ee59bbf065d96c92f479907951bc7ad85398ae299356e210e03
Malware Config
- Extracted: azorult
  - URL: http://136.144.41.124/razor/index.php
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Program crash (1 IoCs)
  Processes:
  - pid: 4340, pid_target: 3624, process: WerFault.exe, target process: bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 1424
    Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3624 -ip 3624