Overview

overview

10

Static

static

3

70993af369...13.exe

windows7-x64

10

70993af369...13.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    23-01-2024 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70993af369c1515d57582eca676ba213.exe

  • Size

    407KB

  • MD5

    70993af369c1515d57582eca676ba213

  • SHA1

    6f6b9251bcda2f73733dc969af7f0821617e59a7

  • SHA256

    e3d292ce4f5bfec8b177e52504dd03046795938a91b4c00560367e13016e3301

  • SHA512

    f824042315362b2c8bfff66e8a3e89e53d1acfd2dd2bd1deb618522a8ddd433df0a0adb7d1ea38bdf0df4a38f3d9085aad438c4a5e2eeb30cab0cf3af2648ed3

  • SSDEEP

    6144:rMDmO6XsxLeAEKT8OmGW3TS7moyepYbkA/B5Z+zd:rMUm7qEgkKTZ+R

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://37.0.10.179/PL341/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe
    "C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe
      "C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe"
      2⤵
        PID:2012

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2012-2-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2012-4-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2012-5-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2012-6-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2012-10-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2012-12-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2476-0-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2476-1-0x0000000000240000-0x0000000000242000-memory.dmp

      Filesize

      8KB

      Download