General
-
Target
f423e4da4814af3f0a2e85deede8546c_JaffaCakes118
-
Size
3.1MB
-
Sample
240416-xt892sbf6w
-
MD5
f423e4da4814af3f0a2e85deede8546c
-
SHA1
0d9d30ce5fdda6dac9b616b6e468db8af44e34b1
-
SHA256
adfe6558bd5a1a7daec955583a619308369d3c9d400b8f99d3400e0792227d8b
-
SHA512
8bfac9aa115fd18883c62fb9840c3a67d55c84e496a5be889e1fededc8890cb3c09780164761b23c9afa248bc820d9e27fda4c53c311360ab40a7f1ca9670881
-
SSDEEP
98304:8dNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8h:8dNB4ianUstYuUR2CSHsVP8h
Malware Config
Extracted
netwire
174.127.99.159:7882
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
May-B
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Extracted
azorult
https://gemateknindoperkasa.co.id/imag/index.php
Targets
-
-
Target
f423e4da4814af3f0a2e85deede8546c_JaffaCakes118
-
Size
3.1MB
-
MD5
f423e4da4814af3f0a2e85deede8546c
-
SHA1
0d9d30ce5fdda6dac9b616b6e468db8af44e34b1
-
SHA256
adfe6558bd5a1a7daec955583a619308369d3c9d400b8f99d3400e0792227d8b
-
SHA512
8bfac9aa115fd18883c62fb9840c3a67d55c84e496a5be889e1fededc8890cb3c09780164761b23c9afa248bc820d9e27fda4c53c311360ab40a7f1ca9670881
-
SSDEEP
98304:8dNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8h:8dNB4ianUstYuUR2CSHsVP8h
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-