Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
10-05-2024 13:21
Static task
static1
Behavioral task
behavioral1
Sample
2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
-
Size
221KB
-
MD5
2f4f27acfae56f146ba7393a8fc887f0
-
SHA1
566da5138de6eb3b8b861e34d97257b7aec7694e
-
SHA256
a013e5b6e43bc4750717d163538acbdbba5723d3a558824a8858242284be2881
-
SHA512
9e7df640fc6dbdd1fc6d7b266a2a5d44ec244fc82bf717649a5d527b69a141dffc409cd82835463e5a6f5c24a95ed248fc2068cd2eb90655bc18ff39de4d0c3e
-
SSDEEP
3072:1hr+qQIVD6v5T8m5bIEyrVJJ3DgKLZXTRncOLPiKTyRGcpSO2PfT:1hKqLVD2wrF3DHVXTJcOLPioWDu
Malware Config
Extracted
azorult
http://gtfurobertopol.org/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Processes
Network
-
Remote address:8.8.8.8:53Requestgtfurobertopol.orgIN AResponse
-
Remote address:8.8.8.8:53Requestgtfurobertopol.orgIN AResponse
-
Remote address:8.8.8.8:53Requestgtfurobertopol.orgIN AResponse