General
-
Target
2fcdb055e476ab664b8cafb6576f7329_JaffaCakes118
-
Size
1.8MB
-
Sample
240510-sye5jscg6t
-
MD5
2fcdb055e476ab664b8cafb6576f7329
-
SHA1
1d13dbbcc7971ada80fff2bee44dc84d1f85981c
-
SHA256
dd3f34e733ac0ac0c51ce0cba7bc026c70a7bcad306ca47122d429abf078d7ed
-
SHA512
6ee8f56b6560c8d2624e36012343409b25f2756bca04fd30c5e42f178138b90b286107ae83cc10a3439006e2a2fa3646198e72c58f7d8d306340ae3f03b88e63
-
SSDEEP
24576:jNqnCJFJXDVNmZDZY4ec9BfsuE8vkZDKMAoXJBw1eQi6WylSrLCwG8mWyIQHMvf6:M2TEZXVvk4oZfQi6xlrAyWX1JS9
Malware Config
Targets
-
-
Target
2fcdb055e476ab664b8cafb6576f7329_JaffaCakes118
-
Size
1.8MB
-
MD5
2fcdb055e476ab664b8cafb6576f7329
-
SHA1
1d13dbbcc7971ada80fff2bee44dc84d1f85981c
-
SHA256
dd3f34e733ac0ac0c51ce0cba7bc026c70a7bcad306ca47122d429abf078d7ed
-
SHA512
6ee8f56b6560c8d2624e36012343409b25f2756bca04fd30c5e42f178138b90b286107ae83cc10a3439006e2a2fa3646198e72c58f7d8d306340ae3f03b88e63
-
SSDEEP
24576:jNqnCJFJXDVNmZDZY4ec9BfsuE8vkZDKMAoXJBw1eQi6WylSrLCwG8mWyIQHMvf6:M2TEZXVvk4oZfQi6xlrAyWX1JS9
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-