Analysis

  • max time kernel
    115s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    23/05/2022, 01:49

General

  • Target

    5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe

  • Size

    271KB

  • MD5

    ebf990d08c9d277607ab0a152fb855a7

  • SHA1

    561628b5bac3aada8764c58fd9d2a0a5a8d4a978

  • SHA256

    5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5

  • SHA512

    7157bac3abfce87a9ddd3f4cee3ca3e2f06aa4a15a3167fa9c9f11199930fb96780dcf070ab9e4b548fb7742e9a0f974b45465fae39cf292b6f3a3b1f2c28497

Malware Config

Extracted

  • Family
    azorult
  • C2
    http://62.197.136.120/purelogs/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Program crash (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe
    "C:\Users\Admin\AppData\Local\Temp\5b717086c5e6afdecbc1bcd7b139eda033de89dfafc397e26e33138e3e2693d5.exe"
    PID: 4936
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 1432
        Program crash
        PID: 2988
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4936 -ip 4936
    PID: 4540

Network

MITRE ATT&CK Matrix


Downloads

  • memory/4936-130-0x000000000059C000-0x00000000005AE000-memory.dmp
    Filesize: 72KB
  • memory/4936-131-0x00000000008D0000-0x00000000008ED000-memory.dmp
    Filesize: 116KB
  • memory/4936-132-0x0000000000400000-0x0000000000475000-memory.dmp
    Filesize: 468KB