Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/11/2024, 22:29 UTC

General

  • Target

    keygen-step-1.exe

  • Size

    112KB

  • MD5

    c615d0bfa727f494fee9ecb3f0acf563

  • SHA1

    6c3509ae64abc299a7afa13552c4fe430071f087

  • SHA256

    95d91febc45d03c1ee477c127bcbd332cd6fbce1e91105004af723594e6f0199

  • SHA512

    d97256eb93d8e546f5fb5c61bebe61e7dfab316eb7685be83782bd36b28df3f80880e7b823197a4b6bae1af7b9460c4c81357dd44ed199ab93ccaee5acc10e51

  • SSDEEP

    3072:KExRaX6raoCoCyz6/mqv1JR+yBtGOeaeWgiZq:faZ1tme++wio

Malware Config

Extracted

Family

azorult

C2

http://kvaka.li/1210776429.php

Signatures

  • Azorult

    An information stealer first observed in 2016; it harvests browser data such as browsing history and saved passwords. The configuration extracted from this sample points to the C2 http://kvaka.li/1210776429.php.

  • Azorult family
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\keygen-step-1.exe (PID 2380)
    Command line: "C:\Users\Admin\AppData\Local\Temp\keygen-step-1.exe"
    Signatures: System Location Discovery: System Language Discovery

Network

  • DNS query
    Domain: kvaka.li
    Process: keygen-step-1.exe
    Remote address: 8.8.8.8:53 (US)
    Request: kvaka.li IN A
    Response: empty (no address record in the reply)
  • DNS query (second attempt)
    Domain: kvaka.li
    Process: keygen-step-1.exe
    Remote address: 8.8.8.8:53 (US)
    Request: kvaka.li IN A
    Response: empty (no address record in the reply)
  • Flow: 8.8.8.8:53, dns, kvaka.li, keygen-step-1.exe
    54 B sent / 119 B received, 1 packet out / 1 packet in
    DNS Request: kvaka.li
  • Flow: 8.8.8.8:53, dns, kvaka.li, keygen-step-1.exe
    54 B sent / 119 B received, 1 packet out / 1 packet in
    DNS Request: kvaka.li

    Only DNS traffic was recorded: the sample resolved the C2 host twice and got no address back, so no HTTP request to the C2 URL was observed during the run.

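The report above gives the sample's hashes and the C2 URL extracted from its configuration, and the network section shows the only observable behaviour was two A lookups for that host. The following script is an added example, not part of the sandbox report, showing how a defender turns those indicators into checks: it derives the host from the C2 URL, compares a file's digests with the reported ones, and scans DNS log lines for lookups of the C2 host or any subdomain of it. The DNS log format and the sample lines are constructed for this example; the hashes and URL are copied from the report. The hash check only catches this exact build, while the domain check survives repacking, which is why both are included.

```python
"""Operationalise the IoCs from the Azorult sandbox report (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above (hash of keygen-step-1.exe, extracted C2).
KNOWN_DIGESTS = {
    "md5": "c615d0bfa727f494fee9ecb3f0acf563",
    "sha1": "6c3509ae64abc299a7afa13552c4fe430071f087",
    "sha256": "95d91febc45d03c1ee477c127bcbd332cd6fbce1e91105004af723594e6f0199",
}
C2_URL = "http://kvaka.li/1210776429.php"


def c2_host(url: str) -> str:
    """Reduce the C2 URL to the host name that will appear in DNS telemetry."""
    host = urlparse(url).hostname
    if not host:
        raise ValueError(f"no host in C2 URL: {url!r}")
    return host.lower().rstrip(".")


def digests_of(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a file's bytes as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_DIGESTS}


def matches_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding reported digest."""
    return any(value == KNOWN_DIGESTS[name] for name, value in digests_of(data).items())


# Constructed DNS log lines in a hypothetical key=value format (not from the report).
# Includes a trailing-dot FQDN, mixed case, a subdomain and a look-alike that must NOT match.
SAMPLE_DNS_LOG = """\
2024-11-08T22:29:40Z client=10.0.0.5 query=example.com type=A rcode=NOERROR
2024-11-08T22:29:41Z client=10.0.0.5 query=kvaka.li type=A rcode=NXDOMAIN
2024-11-08T22:29:41Z client=10.0.0.5 query=kvaka.li. type=A rcode=NXDOMAIN
2024-11-08T22:29:42Z client=10.0.0.7 query=cdn.KVAKA.LI type=A rcode=NXDOMAIN
2024-11-08T22:29:43Z client=10.0.0.9 query=notkvaka.li type=A rcode=NOERROR
"""

_LINE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) "
    r"type=(?P<qtype>\S+) rcode=(?P<rcode>\S+)$"
)


def find_c2_lookups(log_text: str, host: str) -> list:
    """Return (timestamp, client, qname) for every query of `host` or a subdomain of it.

    Names are normalised (lowercase, trailing dot removed) so that 'kvaka.li.' and
    'CDN.KVAKA.LI' match while 'notkvaka.li' does not.
    """
    host = host.lower().rstrip(".")
    hits = []
    for line in log_text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the scan
        qname = m["qname"].lower().rstrip(".")
        if qname == host or qname.endswith("." + host):
            hits.append((m["ts"], m["client"], m["qname"]))
    return hits


if __name__ == "__main__":
    host = c2_host(C2_URL)
    for ts, client, qname in find_c2_lookups(SAMPLE_DNS_LOG, host):
        print(f"{ts} {client} looked up {qname} (C2 host {host})")
    print("sample match on test bytes:", matches_known_sample(b"not the sample"))
```

Querying `rcode` is deliberately ignored when matching: the report shows the lookups failed (empty response), and a blocked or unregistered C2 domain still identifies an infected host.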
MITRE ATT&CK Enterprise v15: T1614.001 System Location Discovery: System Language Discovery


Downloads

  • memory/2380-0-0x0000000000400000-0x0000000000420000-memory.dmp (PID 2380, image region 0x400000-0x420000), 128KB
