Overview

overview

10

Static

static

61335c8bee...8e.exe

windows7-x64

10

61335c8bee...8e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-07-2022 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61335c8beebcfeaee694ab76e732d3b2a4cf41302a0e1ae47983b7b8f9ba7e8e.exe

  • Size

    155KB

  • MD5

    742e4a47963b3546c5fb3e8588d6e5d9

  • SHA1

    555ceec795236da78a9501800ecb388b9e418621

  • SHA256

    61335c8beebcfeaee694ab76e732d3b2a4cf41302a0e1ae47983b7b8f9ba7e8e

  • SHA512

    1a4181157266446430ddfde03f9aa3ea1c29bb9043de7056e0a7d3a4d6ff289c93368defe7062196d1d5322b2ad40ed01608577ae5d481688cb59be7a905c638

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://gtfurobertopol.org/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61335c8beebcfeaee694ab76e732d3b2a4cf41302a0e1ae47983b7b8f9ba7e8e.exe
    "C:\Users\Admin\AppData\Local\Temp\61335c8beebcfeaee694ab76e732d3b2a4cf41302a0e1ae47983b7b8f9ba7e8e.exe"
    1⤵
      PID:4996
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 1352
        2⤵
        • Program crash
        PID:4680
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4996 -ip 4996
      1⤵
        PID:3152

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4996-130-0x0000000000644000-0x0000000000656000-memory.dmp

        Filesize

        72KB

        Download

      • memory/4996-131-0x0000000000644000-0x0000000000656000-memory.dmp

        Filesize

        72KB

        Download

      • memory/4996-132-0x0000000000400000-0x000000000042D000-memory.dmp

        Filesize

        180KB

        Download

      • memory/4996-133-0x0000000000400000-0x000000000042D000-memory.dmp

        Filesize

        180KB

        Download