General
Target: eda72a732308c90c3bdd582715e13b23_JaffaCakes118
Size: 3.1MB
Sample: 240411-rye9wade24
MD5: eda72a732308c90c3bdd582715e13b23
SHA1: 69dddf32d2eac4ebff44a5de3db559e4b3e1f9ca
SHA256: 52071f5178a1c3d436f8178a80e6c3fdea4f1c4c185c614ac2576be2415c53c6
SHA512: d94abffd240cbae7cf9a14a3294d234bf474b02e7dd8e5b63ea5674611dbd86bd06ed35128cc521dd6fdcbefab7891a10566416006f76a86a1b5d76a29d0888d
SSDEEP: 98304:WdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8H:WdNB4ianUstYuUR2CSHsVP8H
Behavioral task: behavioral1
Sample: eda72a732308c90c3bdd582715e13b23_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: netwire
174.127.99.159:7882
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: May-B
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- offline_keylogger: true
- password: Password
- registry_autorun: false
- use_mutex: false
Extracted: azorult
https://gemateknindoperkasa.co.id/imag/index.php
Targets
Target: eda72a732308c90c3bdd582715e13b23_JaffaCakes118
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- NetWire RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext