Malware Analysis Report

2025-08-05 14:30

Sample ID 220523-b8p9tsbdg4
Target 45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe
SHA256 45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d
Tags
azorult infostealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d

Threat Level: Known bad

The file 45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe was found to be: Known bad.

Malicious Activity Summary

azorult infostealer trojan

Azorult family

Azorult

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-05-23 01:49

Signatures

Azorult family

azorult

Analysis: behavioral1

Detonation Overview

Submitted

2022-05-23 01:49

Reported

2022-05-23 01:57

Platform

win7-20220414-en

Max time kernel

85s

Max time network

79s

Command Line

"C:\Users\Admin\AppData\Local\Temp\45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe"

Signatures

Azorult

trojan infostealer azorult

Processes

C:\Users\Admin\AppData\Local\Temp\45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe

"C:\Users\Admin\AppData\Local\Temp\45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe"

Network

Country Destination Domain Proto
GB 178.79.155.150:80 tcp
GB 178.79.155.150:80 tcp
GB 178.79.155.150:80 tcp

Files

memory/1908-54-0x00000000768D1000-0x00000000768D3000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-05-23 01:49

Reported

2022-05-23 01:57

Platform

win10v2004-20220414-en

Max time kernel

91s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe"

Signatures

Azorult

trojan infostealer azorult

Processes

C:\Users\Admin\AppData\Local\Temp\45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe

"C:\Users\Admin\AppData\Local\Temp\45c4cb9db8a4df096e2bea7edc05e5e1b5dad5fa753b7c17d260297b6ee6ff6d.exe"

Network

Country Destination Domain Proto
GB 178.79.155.150:80 tcp
NL 88.221.144.192:80 tcp
GB 178.79.155.150:80 tcp
FR 2.18.109.224:443 tcp
US 104.18.25.243:80 tcp
NL 13.69.109.131:443 tcp
US 204.79.197.203:80 tcp
NL 8.248.3.254:80 tcp
NL 8.248.3.254:80 tcp
US 8.251.167.126:80 tcp
US 8.8.8.8:53 226.101.242.52.in-addr.arpa udp

Files

N/A