azorult | bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641 | Triage

Analysis

max time kernel
94s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
21-05-2022 19:47

Sharing

Report Analysis Logs

General

Target

bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe
Size

245KB
MD5

9a2e047b25549531c3356a6cf1b6bd81
SHA1

e53961c9d5682c596d145ff7159021fb9ae38c16
SHA256

bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641
SHA512

92b9e34aa9c533fb707cf4cb91a7f619a9895012ab318997122389dd922c1a38b621863fb59d0ee59bbf065d96c92f479907951bc7ad85398ae299356e210e03

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

C2

http://136.144.41.124/razor/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4340 3624 WerFault.exe bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe

C:\Users\Admin\AppData\Local\Temp\bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe
"C:\Users\Admin\AppData\Local\Temp\bf158ab1720e6a0da531b99de882c8c4c32eb5be8a0b1be6483156c561070641.exe"
1⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 1424
2⤵
- Program crash
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3624 -ip 3624
1⤵
PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3624-130-0x000000000058C000-0x000000000059D000-memory.dmp

Filesize
68KB

Download
memory/3624-131-0x00000000004C0000-0x00000000004DD000-memory.dmp

Filesize
116KB

Download
memory/3624-132-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download