Overview

overview

10

Static

static

3

1bdf4969e0...18.exe

windows7-x64

10

1bdf4969e0...18.exe

windows10-2004-x64

10

$APPDATA/y...ub.exe

windows7-x64

1

$APPDATA/y...ub.exe

windows10-2004-x64

1

$APPDATA/y...ui.dll

windows7-x64

1

$APPDATA/y...ui.dll

windows10-2004-x64

1

$PLUGINSDI...ge.dll

windows7-x64

1

$PLUGINSDI...ge.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/Moustache.dll

windows7-x64

10

$TEMP/Moustache.dll

windows10-2004-x64

10

$TEMP/Priggery.ps1

windows7-x64

3

$TEMP/Priggery.ps1

windows10-2004-x64

3

$TEMP/go/2...60.dll

windows7-x64

1

$TEMP/go/2...60.dll

windows10-2004-x64

1

$TEMP/go/3...60.dll

windows7-x64

1

$TEMP/go/3...60.dll

windows10-2004-x64

1

$TEMP/go/pidgen.dll

windows7-x64

1

$TEMP/go/pidgen.dll

windows10-2004-x64

3

$TEMP/uninst.exe

windows7-x64

7

$TEMP/uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-05-2024 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1bdf4969e039dce5e33bc0322e5cea21_JaffaCakes118.exe

  • Size

    309KB

  • MD5

    1bdf4969e039dce5e33bc0322e5cea21

  • SHA1

    db9d0b421d01228f35154c52ee486390c9ae30af

  • SHA256

    cdae5c24bd6813de0e0c71748062db520bb43ab16a1995e9de684e2ededa9cae

  • SHA512

    4823d9b379e1a0288fa3617527584ce4d5061ff33faf358527248bf311b230c54b594718675145a2f1266f3b03de55cf0cb210198623a7039211df4c93c9e827

  • SSDEEP

    6144:JPCganNQkFxNN+89pM2f6nqyDglKGZrwmDkRSsD827eHOld:Han6kFMMpzf6mjZkcsD8oCOld

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://sinomatics.ga/~zadmin/lk/a/az/ch/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1bdf4969e039dce5e33bc0322e5cea21_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1bdf4969e039dce5e33bc0322e5cea21_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3288
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe Moustache,Bibliopegy
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\SysWOW64\rundll32.exe"
        3⤵
          PID:3716

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Moustache.DLL
      Filesize

      41KB

      MD5

      5e68491fc9296f4067d397093f25e8f4

      SHA1

      0447a8247227fc3a12c7b9cd24cf5717f6ea8ec0

      SHA256

      47b284c8cea5f056b17bed41e272d0d61d70a169d3366a53104435bb393c1e89

      SHA512

      4a4d6f5c81f0f161e4d70fe221192f665084e1625ba35aa052a81c6c06c706d29c920066289b948998fecd8863d799f3d33be5f850e416d47bf6be0683215b7e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Priggery
      Filesize

      152KB

      MD5

      2031ea3cee9b7431f69556ba0251ab1b

      SHA1

      039305aa0d18520f771a5948bb95328c8c6555a3

      SHA256

      b1492e905ce4d71e63ef5a2fbaf69e5e8ccb19577631c88facb6b4231381fc56

      SHA512

      61fa6de1251578a816f9905e9b9066995d1e60b74d82c01a058f43ad1ffe374510fec8c8e850f2fdfdb619963d6550bc85ca035e3da4148f97ae614de3490720

      Download Submit

    • memory/1792-22-0x00000000009C0000-0x00000000009C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1792-24-0x0000000075B20000-0x0000000075B83000-memory.dmp

      Filesize

      396KB

      Download

    • memory/1792-23-0x0000000074B70000-0x0000000074C38000-memory.dmp

      Filesize

      800KB

      Download

    • memory/1792-30-0x0000000074B70000-0x0000000074C38000-memory.dmp

      Filesize

      800KB

      Download

    • memory/3716-25-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3716-27-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3716-28-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3716-29-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download