Overview

overview

10

Static

static

10

51830643a7...fN.exe

windows7-x64

10

51830643a7...fN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2024 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51830643a7642e597a85229779b0cb714c31eac0fb78a22bda2064ebd5f9667fN.exe

  • Size

    2.0MB

  • MD5

    242a76f4255c96b4ad6bf3f41600ad10

  • SHA1

    367542f77eb1dd3051958ff6d801f2230a7f0897

  • SHA256

    51830643a7642e597a85229779b0cb714c31eac0fb78a22bda2064ebd5f9667f

  • SHA512

    bcc801a53bda81091007782811c681405093dbebffc802767ca93a5c1c765ecd127b004ebd43f7267237038668b14a9c7f2c87bc5e2549dc47f3ad832e1d5697

  • SSDEEP

    24576:su6J33O0c+JY5UZ+XC0kGso6FaI1IXgM6YmenKKSUlmDaGJTA4Pqa6jUvOkQwKYB:2u0c++OCvkGs9Fap5aLKLkDl+dUvO9YD

Score
10/10
azorultquasarebayprofilesdiscoveryinfostealerspywaretrojan

Malware Config

Extracted

Family

azorult

C2

http://0x21.in:8000/_az/

Extracted

Family

quasar

Version

1.3.0.0

Botnet

EbayProfiles

C2

5.8.88.191:443

sockartek.icu:443
Mutex

QSR_MUTEX_0kBRNrRz5TDLEQouI0

Attributes
  • encryption_key

    MWhG6wsClMX8aJM2CVXT

  • install_name

    winsock.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    win defender run

  • subdirectory

    SubDir

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Azorult family
    azorult
  • Quasar RAT 3 IoCs

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar