azorult | 371c309bc8395db6872fa594924b8cfd8a43fc573e20b5b447da709415452534 | Triage

Submit
Reports

Overview

overview

Static

static

3

march orde...xs.exe

windows7-x64

march orde...xs.exe

windows10-2004-x64

Sharing

General

Target

ca1488ba1cd4ef878aa5852917838017_JaffaCakes118
Size

760KB
Sample

240830-c67xjatbjd
MD5

ca1488ba1cd4ef878aa5852917838017
SHA1

f5d61d33fefc536d03c0af92b312937b7818363d
SHA256

371c309bc8395db6872fa594924b8cfd8a43fc573e20b5b447da709415452534
SHA512

adf35b5b2d61e6e73ae60749b1521e4e6baca150943d1873e3f2d604de3b6bca8f9ce0114a3ed1faaf98315b416d98b6aaacb819978a5515f4a9fe55d597630d
SSDEEP

12288:32bT58geGHOxU1YAGkEoeelYBLxkSx9J1SjP9XR5lUHb93QWQGl9L0vSn8t:gHjOiKLkEoKBVkoNwJlGJAWQIL0vp

Score

10^/10

azorult netwire botnet defense_evasion discovery infostealer rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

march order lists-xlxs.exe

Resource

win7-20240708-en

azorult netwire botnet defense_evasion discovery infostealer rat stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

march order lists-xlxs.exe

Resource

win10v2004-20240802-en

azorult netwire botnet defense_evasion discovery infostealer rat stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

185.244.30.245:3443

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
FEB9-1
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Extracted

Family

azorult

C2

https://gemateknindoperkasa.co.id/imag/index.php

Targets

- Target
  
  march order lists-xlxs.exe
- Size
  
  941KB
- MD5
  
  fd76f57eaf3745563f1bc04c48b55576
- SHA1
  
  81654506e9ac750e0377d7c4a8387078bd0308cf
- SHA256
  
  4c70825b33469b490665bf6567dbce4df3f09a223f8c762090a355cee0a6b042
- SHA512
  
  05512e3bc1ad14f0f93861c9d82886b132785401d1bedcffe0f70d429f0be752053da3e17279f3e432dfa944c4f52ef5e0b263b98d6726da0b5d46ee3dcb118f
- SSDEEP
  
  12288:AG7tVVlLGUr0DVEX1UsfqdsPjbNdmBixEHqa4sQbR8W6szcfG6JS+9xJ1NyC:LdsEFaoMpQd8W3zqG6g+3J5
Score

10^/10

azorult netwire botnet defense_evasion discovery infostealer rat stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultnetwirebotnetdefense_evasiondiscoveryinfostealerratstealertrojan

behavioral2

azorultnetwirebotnetdefense_evasiondiscoveryinfostealerratstealertrojan

© 2018-2024

Terms | Privacy