azorult | 3d0e5cf99a69ea347ce8760882c31a97411305e3d903efd0326a9836ae6808d9

Analysis

max time kernel
5s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 14:56

Target

3d0e5cf99a69ea347ce8760882c31a97411305e3d903efd0326a9836ae6808d9N.exe
Size

2.0MB
MD5

45703af5a5e2fbb769a367deb5461940
SHA1

672273ec0100591bc033f1e01f4b69ea9f354ae1
SHA256

3d0e5cf99a69ea347ce8760882c31a97411305e3d903efd0326a9836ae6808d9
SHA512

ff00570ee73038137fada410fe0726e3d9afb344eefb3180fc17c5b2a1f35c9210b871c03572d12f9b3f8c7b0a75aac86ef6385455ec67b71639c248f38983b5
SSDEEP

24576:su6J33O0c+JY5UZ+XC0kGso6FaI1IXgM6YmenKKSUlmDaGJTA4Pqa6jUvOkQwKYi:2u0c++OCvkGs9Fap5aLKLkDl+dUvO9Y0

Score

10^/10

Family

azorult

http://0x21.in:8000/_az/

Family

quasar

Version

1.3.0.0

Botnet

EbayProfiles

5.8.88.191:443

sockartek.icu:443

Mutex

QSR_MUTEX_0kBRNrRz5TDLEQouI0

Attributes

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Quasar RAT 3 IoCs

Quasar is an open source Remote Access Tool.

Processes:

3d0e5cf99a69ea347ce8760882c31a97411305e3d903efd0326a9836ae6808d9N.exe

description	flow	ioc	Process
Key opened		\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3d0e5cf99a69ea347ce8760882c31a97411305e3d903efd0326a9836ae6808d9N.exe
	12	ip-api.com