azorult | 97afb5bb8d8c4000a604960f593e642002f9fd4253e68b5ff37f61ae76ce9a6f | Triage

Submit
Reports

Overview

overview

Static

static

7

bd7d66648b...0a.exe

windows7-x64

bd7d66648b...0a.exe

windows10-2004-x64

Sharing

General

Target

bd7d66648bb7c0b31d5951d485ee600a
Size

3.1MB
Sample

240310-de471abb9t
MD5

bd7d66648bb7c0b31d5951d485ee600a
SHA1

360f6eb43693870d2993bc41d06a3356f3add488
SHA256

97afb5bb8d8c4000a604960f593e642002f9fd4253e68b5ff37f61ae76ce9a6f
SHA512

0b74f37db9216d32984720e16f034065d2330aadcefce870836fabf5231eb3c065fdee04368bcd2610772238360df4db94d8c33b3842d9e85ef67ed3b505d853
SSDEEP

98304:jdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:jdNB4ianUstYuUR2CSHsVP8x

Score

10^/10

azorult netwire botnet infostealer rat stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bd7d66648bb7c0b31d5951d485ee600a.exe

Resource

win7-20240221-en

azorult infostealer trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd7d66648bb7c0b31d5951d485ee600a.exe

Resource

win10v2004-20231215-en

azorult netwire botnet infostealer rat stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

https://gemateknindoperkasa.co.id/imag/index.php

Extracted

Family

netwire

C2

174.127.99.159:7882

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
May-B
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  bd7d66648bb7c0b31d5951d485ee600a
- Size
  
  3.1MB
- MD5
  
  bd7d66648bb7c0b31d5951d485ee600a
- SHA1
  
  360f6eb43693870d2993bc41d06a3356f3add488
- SHA256
  
  97afb5bb8d8c4000a604960f593e642002f9fd4253e68b5ff37f61ae76ce9a6f
- SHA512
  
  0b74f37db9216d32984720e16f034065d2330aadcefce870836fabf5231eb3c065fdee04368bcd2610772238360df4db94d8c33b3842d9e85ef67ed3b505d853
- SSDEEP
  
  98304:jdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:jdNB4ianUstYuUR2CSHsVP8x
Score

10^/10

azorult infostealer trojan upx netwire botnet rat stealer
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultinfostealertrojanupx

behavioral2

azorultnetwirebotnetinfostealerratstealertrojanupx

© 2018-2024

Terms | Privacy