Overview

overview

10

Static

static

10

1.exe

windows7-x64

3

1221.exe

windows7-x64

10

6b282d34fv2.exe

windows7-x64

1

B000CEF.exe

windows7-x64

10

Builder.exe

windows7-x64

1

POVOFJYqCo...Iu.exe

windows7-x64

1

Terracotta.exe

windows7-x64

1

TerracottaGUI.exe

windows7-x64

1

Zver.exe

windows7-x64

3

a.exe

windows7-x64

10

amdcontroller.exe

windows7-x64

10

bg.exe

windows7-x64

1

bin.exe

windows7-x64

10

bin2.exe

windows7-x64

7

ej.exe

windows7-x64

10

fban4.exe

windows7-x64

7

glash.exe

windows7-x64

1

johngotovo (2).exe

windows7-x64

10

johngotovo...al.exe

windows7-x64

10

ktg.exe

windows7-x64

1

otIXAOPqOV...LX.exe

windows7-x64

3

scvsots.exe

windows7-x64

10

setup.exe

windows7-x64

1

shit.exe

windows7-x64

10

ss.exe

windows7-x64

10

stealedd517v2.exe

windows7-x64

1

steel.exe

windows7-x64

1

ted.exe

windows7-x64

1

update_b.exe

windows7-x64

1

update_z.exe

windows7-x64

1

uyo.exe

windows7-x64

1

v72d8z2.exe

windows7-x64

1

Analysis

  • max time kernel
    20s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2023 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    johngotovo (2)_original_original.exe

  • Size

    2.6MB

  • MD5

    7cc005bf1923f56d495fd9de362f4f0e

  • SHA1

    ee9ee7221a40c86f35437bf70372a638494e01d5

  • SHA256

    c0a6c5b64a00af256ea44c2390f4b533cb7a972ea039152ab9e81fef0df2670a

  • SHA512

    6a5dad75958d0fae6b0e4ccf41268187bbe3805fb27c9808a9198b310963df8f1956f9acc394923c312e7b17bf133bc4ebeb10374467ed5d99ef2b2485a37a11

  • SSDEEP

    49152:KcNRa+mO3X9Qp7ZysBDVPdiw8fM96HOOP2qxuqGSJ+1lInYq6rpyxyD5nrnVvXzD:KcSg967ZHrxV96HV/fGS0IpIDtJXzdSe

Score
10/10
azorultinfostealertrojan

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\johngotovo (2)_original_original.exe
    "C:\Users\Admin\AppData\Local\Temp\johngotovo (2)_original_original.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Turbo.net\Sandbox\GOVNO\8.4.1.1\xsandbox.bin
    Filesize

    16B

    MD5

    ec3d19e8e9b05d025cb56c2a98ead8e7

    SHA1

    748532edeb86496c8efe5e2327501d89ec1f13df

    SHA256

    edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

    SHA512

    175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

    Download Submit
  • memory/2164-96-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-64-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-62-0x0000000076C80000-0x0000000076D90000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2164-55-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-63-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-66-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-65-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-69-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-68-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-67-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-70-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-72-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-73-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2164-82-0x0000000000250000-0x0000000000251000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-81-0x00000000001B0000-0x00000000001B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-95-0x000000007EFDB000-0x000000007EFDE000-memory.dmp
    Filesize

    12KB

    Download
  • memory/2164-83-0x0000000000260000-0x0000000000261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-84-0x0000000000280000-0x00000000002C0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2164-88-0x0000000000670000-0x00000000009B5000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-94-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2164-121-0x0000000076C80000-0x0000000076D90000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2164-57-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-78-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2164-98-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2164-99-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize

    224KB

    Download
  • memory/2164-104-0x0000000076C80000-0x0000000076D90000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2164-103-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize

    224KB

    Download
  • memory/2164-105-0x0000000002F80000-0x0000000003080000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2164-106-0x0000000003230000-0x0000000003240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2164-107-0x0000000003410000-0x0000000003510000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2164-108-0x0000000002CD0000-0x0000000002CE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2164-109-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize

    224KB

    Download
  • memory/2164-111-0x0000000003190000-0x00000000031A0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2164-110-0x0000000003510000-0x0000000003610000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2164-112-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2164-113-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2164-114-0x00000000777A0000-0x00000000777A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-115-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-116-0x0000000076C80000-0x0000000076D90000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2164-56-0x00000000777A0000-0x00000000777A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-119-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize

    224KB

    Download
  • memory/2164-97-0x000000007EFDF000-0x000000007EFE0000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2164-122-0x00000000009C0000-0x0000000000D0A000-memory.dmp
    Filesize

    3.3MB

    Download