azorult | 74a87d1c3a1b9f64de31bbd7bdfb357975c83ca45ab4475bfb9a7c672f7ee64b | Triage

Submit
Reports

Overview

overview

Static

static

7

ad2705a198...88.exe

windows11-21h2-x64

Resubmissions

02-03-2024 10:27

240302-mg7kkscg37 10

02-03-2024 10:26

240302-mgtzgscd6z 10

02-03-2024 10:26

240302-mgjhracd6y 10

28-02-2024 23:40

240228-3nt6tsgd7s 10

Sharing

General

Target

ad2705a198cb64edbf12aa09fb984f88
Size

3.1MB
Sample

240302-mgjhracd6y
MD5

ad2705a198cb64edbf12aa09fb984f88
SHA1

97fe0043aa142e0d59cade0a7dd0bf2f79246cbe
SHA256

74a87d1c3a1b9f64de31bbd7bdfb357975c83ca45ab4475bfb9a7c672f7ee64b
SHA512

5fb3eb85a6ac0dcf529fe6a0c659d802eb9fca94d59e58f57c6a99ab9a7743432d943cfd377b7dc2921e99ed808679a585f40f84ef45356ae1ea140c2aa9f66b
SSDEEP

98304:hdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:hdNB4ianUstYuUR2CSHsVP8x

Score

10^/10

azorult netwire botnet infostealer rat stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ad2705a198cb64edbf12aa09fb984f88.exe

Resource

win11-20240221-en

azorult netwire botnet infostealer rat stealer trojan upx

windows11-21h2-x64

11 signatures

1800 seconds

Malware Config

Extracted

Family

netwire

C2

174.127.99.159:7882

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
May-B
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Extracted

Family

azorult

C2

https://gemateknindoperkasa.co.id/imag/index.php

Targets

- Target
  
  ad2705a198cb64edbf12aa09fb984f88
- Size
  
  3.1MB
- MD5
  
  ad2705a198cb64edbf12aa09fb984f88
- SHA1
  
  97fe0043aa142e0d59cade0a7dd0bf2f79246cbe
- SHA256
  
  74a87d1c3a1b9f64de31bbd7bdfb357975c83ca45ab4475bfb9a7c672f7ee64b
- SHA512
  
  5fb3eb85a6ac0dcf529fe6a0c659d802eb9fca94d59e58f57c6a99ab9a7743432d943cfd377b7dc2921e99ed808679a585f40f84ef45356ae1ea140c2aa9f66b
- SSDEEP
  
  98304:hdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:hdNB4ianUstYuUR2CSHsVP8x
Score

10^/10

azorult netwire botnet infostealer rat stealer trojan upx
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultnetwirebotnetinfostealerratstealertrojanupx

© 2018-2024

Terms | Privacy