Extracted

• • Target

    36b991553abd5d11fd72677587fbc5e3_JaffaCakes118

  • Size

    555KB

  • MD5

    36b991553abd5d11fd72677587fbc5e3

  • SHA1

    fc2c636704a94c931a97531a3caf3eb01d3185d5

  • SHA256

    15c394cc5eddba3a3ce6d12d35483550b9c80dbd59c80bfabad1d4af3d511273

  • SHA512

    9076511209c4e08cf4b8a38841c2013012300b5c7bde93d3c47be1a85c93d6f5006399c44bf21f243836c4de2e72e4318ab0ab97082f1e33ffc25c3698ec8250

  • SSDEEP

    12288:3M9ch0UlPRbGKFFhgA5sKzQJ60XJxakR:8mh0UlcK/hgr4QnpR

  Score

  10^/10

  azorultinfostealerpersistencetrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2