Analysis

  • max time kernel
    103s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/03/2025, 16:55

General

  • Target

    6630351ef0be53657ce0ae283e0211202e711c35ae4b1cf61a89c1af0fc9d7ed.exe

  • Size

    112KB

  • MD5

    e67fb4b3d1afb8bb6a7341344885fca1

  • SHA1

    de83c371ec84d9cf9a0ece535e86323aa5807cb0

  • SHA256

    6630351ef0be53657ce0ae283e0211202e711c35ae4b1cf61a89c1af0fc9d7ed

  • SHA512

    b82e6fdcfe6bc73fc6a463e8fdc78584ae318a0749e04802d5590fccc028d9ea9faba3bfd29410ec01f750bddaad29dac3184255d89d21325a49e8a2068d2b9d

  • SSDEEP

    3072:KExRaX6raoCoCyz6/mqv1JR+yBtGOeheWginUqI:faZ1tme+1winbI

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Azorult family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6630351ef0be53657ce0ae283e0211202e711c35ae4b1cf61a89c1af0fc9d7ed.exe
    "C:\Users\Admin\AppData\Local\Temp\6630351ef0be53657ce0ae283e0211202e711c35ae4b1cf61a89c1af0fc9d7ed.exe"
    • System Location Discovery: System Language Discovery
    PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2668-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB