Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
22-12-2024 00:57
Behavioral task
behavioral1
Sample
04464be2f14372387611ffc8091022bd811e3456fb6caa00b0061c0effdafdc9N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
04464be2f14372387611ffc8091022bd811e3456fb6caa00b0061c0effdafdc9N.exe
Resource
win10v2004-20241007-en
General
-
Target
04464be2f14372387611ffc8091022bd811e3456fb6caa00b0061c0effdafdc9N.exe
-
Size
186KB
-
MD5
e3c3cfa690a95e7980cf0ad6aa03eea0
-
SHA1
321f03c99049a8bfc0c75caf08e9d2bf4eb4efc8
-
SHA256
04464be2f14372387611ffc8091022bd811e3456fb6caa00b0061c0effdafdc9
-
SHA512
12c206083f2bbacbe7ff2109eca06515c3a1ab2919e197fae0aa79c8e4eba27d36e08d84e2cd218e90d8dd306846b4fa666b717ed503a9c19b58ba71aa495e48
-
SSDEEP
3072:cFrQiRJWHZeuWCgnECF4ki/T5dpBmqx67outJM76kNqX0ksC17S381WdAd37:ZifW5euxgnE0i/dFH67oSJGCZe8Td37
Malware Config
Extracted
azorult
http://146.0.77.198/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
resource yara_rule behavioral1/memory/2384-0-0x0000000000400000-0x0000000000497000-memory.dmp upx behavioral1/memory/2384-1-0x0000000000400000-0x0000000000497000-memory.dmp upx behavioral1/memory/2384-5-0x0000000000400000-0x0000000000497000-memory.dmp upx behavioral1/memory/2384-7-0x0000000000400000-0x0000000000497000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 04464be2f14372387611ffc8091022bd811e3456fb6caa00b0061c0effdafdc9N.exe