azorult | accb399db6dbdcadd7022d05a258993119e3abeed04394921ae0aa14b2b468bf

Resubmissions

11-05-2024 17:57

240511-wjxylaac6s 10

11-05-2024 17:54

240511-whck9sab7y 10

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe
Size

472KB
MD5

35d38360b8f7bfe5ecc9dd3b5c1eabec
SHA1

c0d74936f84101199acf01a9e5951478f2cf91ba
SHA256

accb399db6dbdcadd7022d05a258993119e3abeed04394921ae0aa14b2b468bf
SHA512

2a3a851a4090936a15c9d9cbe391afd82906ff66ec913daeead0d56098429b5ed76e0aa7d6cda845de3130c417681fd09154c4a9c9907237a934f8036aac532b
SSDEEP

6144:YKAGqv0MkNUfrQVSSpn9FXDi57PXF0jB5IX3R7FGb7:YK3qUArQVSUWMB52RpGP

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

http://docusign.bit/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Unexpected DNS network traffic destination 17 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	80.233.248.109
Destination IP	94.247.43.254
Destination IP	107.172.42.186
Destination IP	151.80.147.153
Destination IP	173.249.7.187
Destination IP	50.3.82.215
Destination IP	82.141.39.32
Destination IP	198.206.14.241
Destination IP	173.212.234.232
Destination IP	46.101.70.183
Destination IP	128.52.130.209
Destination IP	172.98.193.42
Destination IP	91.217.137.44
Destination IP	130.255.78.223
Destination IP	5.45.97.127
Destination IP	162.248.241.94
Destination IP	192.52.166.110

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2400 set thread context of 2760	2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe	28

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe
2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe
2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe
2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2760	2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2760	2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2760	2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2760	2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2760	2400	35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\35d38360b8f7bfe5ecc9dd3b5c1eabec_JaffaCakes118.exe"
  2⤵
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2400-0-0x00000000000F0000-0x00000000000F6000-memory.dmp

Filesize
24KB

Download
memory/2400-23-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-1-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-47-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-46-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-45-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-44-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-43-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-42-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-41-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-40-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-39-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-38-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-37-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-36-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-35-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-34-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-33-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-32-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-31-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-30-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-29-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-28-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-27-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-26-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-25-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-24-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-22-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-21-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-20-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-19-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-18-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-17-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-16-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-15-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-14-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-13-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-12-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-11-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-10-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-9-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-8-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-7-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-6-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-5-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-4-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-3-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2400-2-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2760-48-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2760-49-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download