Extracted

• • Target

    012fa4aa038c48e7a63828d26d0c8aa7_JaffaCakes118

  • Size

    1.7MB

  • MD5

    012fa4aa038c48e7a63828d26d0c8aa7

  • SHA1

    7f4e2b046d09e527b13da488e95ccc81b13608c0

  • SHA256

    3ee3342f2ec8cc641ea2d46daec5c5885a47d9bbd9fa49647543c5381f672aa6

  • SHA512

    b0a5282f71cd649ebbcb86b63f9067732afedfab07200644744ee6ab8b1abcfc61118f8e0bcff14ecf0c3656a9ef238fb02bb35ed06206106198765570154c2a

  • SSDEEP

    24576:VGVLMjem0G9yzEQFi8SNKEroGjSZ/vXNIkIfwlfwy1NM/hEzv1Qqx4rDilDcbpd1:VGVcLoi2EcXNmfufwy1NUky7deprgqi

  Score

  10^/10

  azorultevasioninfostealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2