Overview

overview

10

Static

static

3

04c250233b...ce.exe

windows7-x64

10

04c250233b...ce.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04c250233b3129299539538a401d27ce.exe

  • Size

    638KB

  • MD5

    04c250233b3129299539538a401d27ce

  • SHA1

    93ccb6f505da10d165b1858a2a0326942000aee3

  • SHA256

    0db548243ee555ee8c30aa9c9f5028b2ad9783478d6f811cecb746caf6e0afe4

  • SHA512

    37fa27e02ae7c3427e24efc01e70d753b9b1e56bddeb67834f2cf18cff87bda134c475a71828c420924c86dd65bd512311d36ffe4aeaeb7033ca6ae9caec8cab

  • SSDEEP

    12288:9Bn0RN617gNm5YnXDdRgMVahjLySXJG4s1BjhdnUraNmHaS/YSw87wiZ/h:9Bn0RNlDdRg6axmSg465hdnmZ+n87b

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://203.159.80.182/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04c250233b3129299539538a401d27ce.exe
    "C:\Users\Admin\AppData\Local\Temp\04c250233b3129299539538a401d27ce.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Users\Admin\AppData\Local\Temp\04c250233b3129299539538a401d27ce.exe
      "C:\Users\Admin\AppData\Local\Temp\04c250233b3129299539538a401d27ce.exe"
      2⤵
        PID:2364

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2184-0-0x0000000001020000-0x000000000108F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/2184-1-0x00000000000F0000-0x00000000000F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2184-4-0x0000000001020000-0x000000000108F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/2364-5-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2364-6-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2364-2-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2364-7-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2364-8-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download