Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
22-12-2024 02:06
Behavioral task
behavioral1
Sample
b16a128acc94c0f0369bb122204ac3912c0d82967934213dbd71f5ef0cbdfe94.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b16a128acc94c0f0369bb122204ac3912c0d82967934213dbd71f5ef0cbdfe94.exe
Resource
win10v2004-20241007-en
General
-
Target
b16a128acc94c0f0369bb122204ac3912c0d82967934213dbd71f5ef0cbdfe94.exe
-
Size
186KB
-
MD5
a64dd9fb7cf43792336edb4708724140
-
SHA1
7198ec1dd9ce76b7a4a65a7952066c641653ef8a
-
SHA256
b16a128acc94c0f0369bb122204ac3912c0d82967934213dbd71f5ef0cbdfe94
-
SHA512
16b1a9cafc7c4c878226074e4c5a96edd2bef951f75a771a70d1e9678c080a6552f64c852064c0ceae3dc56250be616b961e78a9f71611417113a1f547d56ac1
-
SSDEEP
3072:cFrQiRJWHZeuWCgnECF4ki/T5dpBmqx67outJM76kNqX0ksC17S381WdAd37/:ZifW5euxgnE0i/dFH67oSJGCZe8Td37/
Malware Config
Extracted
azorult
http://146.0.77.198/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
resource yara_rule behavioral1/memory/2112-0-0x0000000000400000-0x0000000000497000-memory.dmp upx behavioral1/memory/2112-1-0x0000000000400000-0x0000000000497000-memory.dmp upx behavioral1/memory/2112-5-0x0000000000400000-0x0000000000497000-memory.dmp upx behavioral1/memory/2112-7-0x0000000000400000-0x0000000000497000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language b16a128acc94c0f0369bb122204ac3912c0d82967934213dbd71f5ef0cbdfe94.exe