Malware Analysis Report

2025-08-05 14:29

Sample ID 220523-b8py3abdf8
Target 0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe
SHA256 0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76
Tags
azorult infostealer suricata trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76

Threat Level: Known bad

The file 0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe was found to be: Known bad.

Malicious Activity Summary

azorult infostealer suricata trojan

Azorult

suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M4

suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M13

Azorult family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-05-23 01:49

Signatures

Azorult family

azorult

Analysis: behavioral1

Detonation Overview

Submitted

2022-05-23 01:49

Reported

2022-05-23 01:57

Platform

win7-20220414-en

Max time kernel

45s

Max time network

49s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe"

Signatures

Azorult

trojan infostealer azorult

suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M4

suricata

Processes

C:\Users\Admin\AppData\Local\Temp\0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe

"C:\Users\Admin\AppData\Local\Temp\0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 main.protechsource.net udp
FR 92.204.222.124:80 main.protechsource.net tcp

Files

memory/976-54-0x00000000752D1000-0x00000000752D3000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-05-23 01:49

Reported

2022-05-23 01:56

Platform

win10v2004-20220414-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe"

Signatures

Azorult

trojan infostealer azorult

suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M13

suricata

Processes

C:\Users\Admin\AppData\Local\Temp\0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe

"C:\Users\Admin\AppData\Local\Temp\0b03124d83db6547078fb5aeb18d1348a7bdd7593b136e9d5b0e93a02c5d4c76.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 main.protechsource.net udp
FR 92.204.222.124:80 main.protechsource.net tcp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
NL 20.190.160.73:443 tcp
NL 8.248.1.254:80 tcp
US 52.168.112.67:443 tcp
NL 20.190.160.67:443 tcp
IE 20.54.110.249:443 tcp
NL 104.97.14.80:80 tcp
NL 104.97.14.80:80 tcp
NL 20.190.160.2:443 tcp
NL 20.190.160.73:443 tcp
NL 20.190.160.136:443 tcp
NL 20.190.160.67:443 tcp
NL 20.190.160.67:443 tcp
NL 20.190.160.129:443 tcp
NL 20.190.160.2:443 tcp
NL 20.190.160.2:443 tcp
NL 20.190.160.6:443 tcp
NL 20.190.160.2:443 tcp
NL 20.190.160.136:443 tcp
NL 20.190.160.136:443 tcp
NL 20.190.160.136:443 tcp
NL 20.190.160.129:443 tcp

Files

N/A