azorult | f87edcf93e2be709cf12616a0c21e2204d409def6a1c0528a1705fd554f3467e

Analysis

max time kernel
5s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 23:25

Target

f87edcf93e2be709cf12616a0c21e2204d409def6a1c0528a1705fd554f3467e.exe
Size

2.0MB
MD5

8a7a833cd2f827f64c55ceb0e8f7c635
SHA1

1349e783e9ee3f9709069f443e8a7a440ff58795
SHA256

f87edcf93e2be709cf12616a0c21e2204d409def6a1c0528a1705fd554f3467e
SHA512

47da5635b0b07bbc4324bb5bc494a4bec0e020f94d8c33261f947975c2d7769505299548be6d4a6955b934f2437b3cb6b4512b493116e71209501758f0b8fe62
SSDEEP

24576:su6J33O0c+JY5UZ+XC0kGso6FaI1IXgM6YmenKKSUlmDaGJTA4Pqa6jUvOkQwKYi:2u0c++OCvkGs9Fap5aLKLkDl+dUvO9YI

Score

10^/10

Family

azorult

http://0x21.in:8000/_az/

Family

quasar

Version

1.3.0.0

Botnet

EbayProfiles

5.8.88.191:443

sockartek.icu:443

Mutex

QSR_MUTEX_0kBRNrRz5TDLEQouI0

Attributes

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Azorult family
azorult

Quasar RAT 3 IoCs

Quasar is an open source Remote Access Tool.

Processes:

f87edcf93e2be709cf12616a0c21e2204d409def6a1c0528a1705fd554f3467e.exe

description	flow	ioc	Process
Key opened		\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f87edcf93e2be709cf12616a0c21e2204d409def6a1c0528a1705fd554f3467e.exe
	13	ip-api.com