azorult | 3399fa00813d7df440adaedb1817cbbec28e303fdffc46191e6415ad20c78b94

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-02-2025 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Size

331KB
MD5

5b692034c8d92d39d0dce48a26023190
SHA1

75476d84efa525812ad90774a00b8f02ae4c88d8
SHA256

3399fa00813d7df440adaedb1817cbbec28e303fdffc46191e6415ad20c78b94
SHA512

d58cf25b6729a6bbd31096e89b4dab2ff2c07da4d2da23e27268f1bf03e9a5ba184d39a96d2e157666d4c583a7c26f984d6f46a48b1b3cd010604aa5da6070b5
SSDEEP

6144:cu4PqtlK7KWQhbrsKaFnlHDqwRBbRCgf0BabAYviFsJyAFtHet:iPq/K7KWmrsKunhDfCsriqxve

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

http://jinf43ufm0edurygk49.bit/ak3nzor93jne93kwp/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Azorult family
azorult

Unexpected DNS network traffic destination 17 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	flow	ioc	pid	Process
Destination IP	20	198.206.14.241	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	2	151.80.147.153	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	7	130.255.78.223	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	9	173.249.7.187	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	10	46.101.70.183	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	12	50.3.82.215	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	13	82.141.39.32	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	19	192.52.166.110	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	3	91.217.137.44	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	6	80.233.248.109	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	8	173.212.234.232	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	11	5.45.97.127	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	14	94.247.43.254	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	15	107.172.42.186	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	16	128.52.130.209	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	17	162.248.241.94	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
Destination IP	18	172.98.193.42	2756	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_5b692034c8d92d39d0dce48a26023190_mafia.exe"
1⤵
- Unexpected DNS network traffic destination
- System Location Discovery: System Language Discovery
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2756-1-0x00000000005E0000-0x00000000006E0000-memory.dmp

Filesize
1024KB

Download
memory/2756-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2756-3-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-4-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-5-0x00000000005E0000-0x00000000006E0000-memory.dmp

Filesize
1024KB

Download
memory/2756-6-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2756-7-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-8-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-9-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-11-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-12-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-13-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-14-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-16-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-17-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2756-18-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download