azorult | 6b78166c0f5f874759b7ae09cef12842cb5f1297573ced3471d0eead3643c096

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 13:58

Target

gunzipped.exe
Size

218KB
MD5

5d8d83a04a4bdbd0a2f2ee227e866ac9
SHA1

55bc24e4c522586bfca1f119ab4d21510da07ea3
SHA256

6b78166c0f5f874759b7ae09cef12842cb5f1297573ced3471d0eead3643c096
SHA512

415ea692af2993bfaf1280891e2fba6eabe28949f6b5217a0130e44aa3a2a70e9c66781be50eb2b23b7b4e1ecf595f7bb5b420e868e30d22c40e47a444090313
SSDEEP

3072:g9pdee2tb3fZJinUW1K6/n784Gm1YzQKSm7mN/9EMxZXR72XNm+cmk:g9pgPaGDU5mUEO2vcL

Score

10^/10

Family

azorult

http://94.156.65.101/cleanlogo/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3328 4488 WerFault.exe gunzipped.exe

pid	pid_target	process	target process
3328	4488	WerFault.exe	gunzipped.exe

C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
"C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
1⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 1004
2⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4488 -ip 4488
1⤵
PID:1872

memory/4488-3-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4488-2-0x00000000005E0000-0x00000000005FD000-memory.dmp

Filesize
116KB

Download
memory/4488-1-0x0000000000640000-0x0000000000740000-memory.dmp

Filesize
1024KB

Download
memory/4488-4-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4488-5-0x00000000005E0000-0x00000000005FD000-memory.dmp

Filesize
116KB

Download