azorult | 15c4f6855df38e988301dce1d9053e00b3619578625775dc32e8e1bbe856de01

Analysis

max time kernel
13s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

112KB
MD5

8fbf94de96942927074fc8cbb7fb4338
SHA1

1a7ab9d6cf2d304535a89ae2328e3b77ac3d204c
SHA256

15c4f6855df38e988301dce1d9053e00b3619578625775dc32e8e1bbe856de01
SHA512

c43ccaa5776e8b84ad3bc5ea337f59ab30d00e11d8dd87390e93dad032632b1d8527980674d3a439fd5d9213732e49b725aabd30b3da1ffc2c12fe3ddba9cd1e
SSDEEP

3072:KExRaX6raoCoCyz6/mqv1JR+yBtGOeheWginaq:faZ1tme+1winV

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

http://195.245.112.115/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

builder.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language builder.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4236,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:8
1⤵
PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2396-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download