Overview

overview

10

Static

static

5

062984754c...3f.exe

windows7-x64

10

062984754c...3f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-07-2024 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f.exe

  • Size

    1.5MB

  • MD5

    52eac81cc6e67c2a28249295c6bcf3c5

  • SHA1

    9f8fba9b7b8404f02f4417169803d369a290910d

  • SHA256

    062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f

  • SHA512

    93109da7b23682f8d7432361cd0f09cf9b98d5b3bc2237fe786393b8e64424395a27888e036af494b129a00900250ff0e1d14e89925bafccc511eac1d52183c3

  • SSDEEP

    49152:dTvC/MTQYxsWR7acyejdjIQl6kX7sXf8n0irmNmSb6HCjsZ:RjTQYxsWR5yejdjIQl6kX7sXf8nzrm8l

Score
10/10
azorultaspackv2discoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://mhlc.shop/MC341/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f.exe
    "C:\Users\Admin\AppData\Local\Temp\062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Users\Admin\AppData\Local\Temp\COjMzYH.exe
      C:\Users\Admin\AppData\Local\Temp\COjMzYH.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2f156d3b.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4968
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f.exe"
      2⤵
        PID:1456
      • C:\Users\Admin\AppData\Local\Temp\062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f.exe
        "C:\Users\Admin\AppData\Local\Temp\062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:3756
        • C:\Windows\SysWOW64\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\062984754c78988300d9b2611b81c4f2c1bcae16380952c7ab550498b4249e3f.exe"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:316

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2f156d3b.bat
      Filesize

      189B

      MD5

      a67cb4d3fb5eeff79dca6cbab7c2fedd

      SHA1

      688d9f54a66b7421bf33dc679a948aa866da45a2

      SHA256

      3277498f4413a01039492cf5e5e9cc6679f51c622e72ee6ba35043de385d3c0f

      SHA512

      8f1e5386fb4f7763a230c086cb0379e089e44b0dddc3315aa0afe0d0d1988d123df91ce875e489c463c2179c642f38f16272086c5dc0ed5deeeb8ea8e302ac0c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\COjMzYH.exe
      Filesize

      15KB

      MD5

      f7d21de5c4e81341eccd280c11ddcc9a

      SHA1

      d4e9ef10d7685d491583c6fa93ae5d9105d815bd

      SHA256

      4485df22c627fa0bb899d79aa6ff29bc5be1dbc3caa2b7a490809338d54b7794

      SHA512

      e4553b86b083996038bacfb979ad0b86f578f95185d8efac34a77f6cc73e491d4f70e1449bbc9eb1d62f430800c1574101b270e1cb0eeed43a83049a79b636a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\fascinatress
      Filesize

      29KB

      MD5

      251b67c03269eb0a26b3ebd29d3f674d

      SHA1

      eb191243b6882ec350ee2a68af519ed4c9ecc042

      SHA256

      5becee88f98eadfe9c31755f907dd9d7abf761dc5c04f06282a770a51832a9c1

      SHA512

      9cac3a4132d28fd60e6e5adf261fad7a7b5a0424008124b5d326dddc55152f974412ac5449c9379b6b4c62f1e6dacbabf597c0ea86454ef0225d72d7f6fecc1f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\teer
      Filesize

      112KB

      MD5

      eb5e42dab0099a065bc419f2f2625b2d

      SHA1

      648e16a47742676e52092ee09a7b7fb85c141702

      SHA256

      7719810f0a3fd0e38426ae3f4252cf518288e93d360817a596379768aa33e404

      SHA512

      76597e969537b07695703e85412587655ab5707091d232c17a73ac6320f196132c443ccd1eeca34e747bc8b02a1e3497a3e5c23217cf481a83944e46cd8d7240

      Download Submit

    • memory/316-37-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/316-39-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/316-40-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/316-42-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3036-35-0x0000000000510000-0x0000000000519000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3036-5-0x0000000000510000-0x0000000000519000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3756-18-0x0000000000220000-0x00000000003B0000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3756-41-0x0000000000220000-0x00000000003B0000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4256-17-0x0000000002000000-0x0000000002004000-memory.dmp

      Filesize

      16KB

      Download

    • memory/4256-19-0x0000000000220000-0x00000000003B0000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4256-0-0x0000000000220000-0x00000000003B0000-memory.dmp

      Filesize

      1.6MB

      Download