azorult | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Worm

Resubmissions

02-12-2024 17:14

241202-vr1tsatmhs 10

02-12-2024 17:08

241202-vnszrsyrar 10

Analysis

max time kernel
730s
max time network
750s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-12-2024 17:14

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Worm

Malware Config

Extracted

Family

azorult

http://boglogov.site/index.php

Extracted

Family

lokibot

http://blesblochem.com/two/gates1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Extracted

Family

crimsonrat

185.136.161.124

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Azorult family
azorult
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
ransomware badrabbit
Badrabbit family
badrabbit

Chimera 45 IoCs

Ransomware which infects local and network files, often distributed via Dropbox links.

ransomware chimera

Processes:

AgentTesla.exemsedge.exe

description	flow	ioc	Process
File created		C:\Program Files\Java\jdk-1.8\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Microsoft Office\root\Office16\1033\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\VideoLAN\VLC\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Microsoft Office\root\Office16\AugLoop\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Java\jdk-1.8\jre\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Java\jre-1.8\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\dotnet\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Microsoft Office\root\Office16\MSIPC\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Java\jre-1.8\bin\server\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\Microsoft Office\root\Office16\Configuration\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
File created		C:\Program Files\7-Zip\YOUR_FILES_ARE_ENCRYPTED.HTML	AgentTesla.exe
	1	bot.whatismyipaddress.com

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Signatures