Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-05-2024 13:21

General

  • Target

    2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe

  • Size

    221KB

  • MD5

    2f4f27acfae56f146ba7393a8fc887f0

  • SHA1

    566da5138de6eb3b8b861e34d97257b7aec7694e

  • SHA256

    a013e5b6e43bc4750717d163538acbdbba5723d3a558824a8858242284be2881

  • SHA512

    9e7df640fc6dbdd1fc6d7b266a2a5d44ec244fc82bf717649a5d527b69a141dffc409cd82835463e5a6f5c24a95ed248fc2068cd2eb90655bc18ff39de4d0c3e

  • SSDEEP

    3072:1hr+qQIVD6v5T8m5bIEyrVJJ3DgKLZXTRncOLPiKTyRGcpSO2PfT:1hKqLVD2wrF3DHVXTJcOLPioWDu

Malware Config

Extracted

Family

azorult

C2

http://gtfurobertopol.org/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe"
    PID: 2796

    Network

    • flag-us
      DNS
      gtfurobertopol.org
      2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      gtfurobertopol.org
      IN A
      Response
    • flag-us
      DNS
      gtfurobertopol.org
      2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      gtfurobertopol.org
      IN A
      Response
    • flag-us
      DNS
      gtfurobertopol.org
      2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      gtfurobertopol.org
      IN A
      Response
    No results found
    • 8.8.8.8:53
      gtfurobertopol.org
      dns
      2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
      64 B
      146 B
      1
      1

      DNS Request

      gtfurobertopol.org

    • 8.8.8.8:53
      gtfurobertopol.org
      dns
      2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
      128 B
      292 B
      2
      2

      DNS Request

      gtfurobertopol.org

      DNS Request

      gtfurobertopol.org

    MITRE ATT&CK Matrix

    Downloads

    • memory/2796-1-0x0000000000A30000-0x0000000000B30000-memory.dmp

      Filesize

      1024KB

    • memory/2796-2-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

    • memory/2796-4-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

    • memory/2796-3-0x0000000000400000-0x0000000000920000-memory.dmp

      Filesize

      5.1MB
