Extracted

• • Target

    1ec4a26ad4d59b67be78e29ba18a7fcd_JaffaCakes118

  • Size

    316KB

  • MD5

    1ec4a26ad4d59b67be78e29ba18a7fcd

  • SHA1

    ba1b8f9b3797628c726f18386be009b28f0976b3

  • SHA256

    3b3a6ce0161991703ab6ff28e4b22e5934550f4c5573dcf61d1ed6a7e31253cd

  • SHA512

    2c990d90f804716ede668c4816b0a1661b4d0db4182a54c1a61727f8ff7fa8bdc23b3df79d543d0611fdf91a0c2c070fce2d5824a905d958c594e5abee13728c

  • SSDEEP

    6144:1eFSwR1KS+a7SpUTFdtZkhku66FFrFw7iwDi:Ma+Sp21akWFB

  Score

  10^/10

  azorultinfostealerpersistencetrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2