General

  • Target

    31b9bfaea5d5497f00a7c0ab00d0e47f_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240511-acqp2scd22

  • MD5

    31b9bfaea5d5497f00a7c0ab00d0e47f

  • SHA1

    e1862fc7f0643badedc40332254325fdb4f6f78e

  • SHA256

    91f4ead9870c82ed4bb9b4759ec52c0a083c149ca027337de8680cb0a3363a05

  • SHA512

    166bf4cd09e846b59db7c27a79cc9c7e202cb9ed65788c02cd024072218bb9d7e8775dbdc03b424b2abe8f5776eca980c2e629192dd06992969c17a37fa3e339

  • SSDEEP

    49152:lpVtsGrf3UcISmuAM5MnM5WaibBrRqxhgqGJ+w8+Tn+rYTgF:lJRJ5XRibsy+wPnGn

Malware Config

Extracted

Family

azorult

C2

http://b-cointrade.com/sti/gate.php
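The extracted C2 is the network-level indicator for this sample. The example below, added for this page and not part of the sandbox report, runs a simple detector over a few constructed proxy-log lines: an exact match on the C2 host and path, plus a looser heuristic (an assumption, labelled in the code) that flags any POST to a `gate.php` endpoint, since that is how AZORult submits stolen data. The simplified squid-style log format and every log line are constructed.

```python
"""Flag proxy-log entries that reach the AZORult C2 extracted above.
Added example, not code from the report. The log format and all SAMPLE_LOG
lines are constructed; only C2_URL comes from the sandbox's extracted config."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# C2 exactly as extracted by the sandbox.
C2_URL = "http://b-cointrade.com/sti/gate.php"
_c2 = urlsplit(C2_URL)
C2_HOST = _c2.hostname          # urlsplit lower-cases the host for us
C2_PATH = _c2.path

# Constructed log lines: "<epoch> <src_ip> <method> <url> <status> <bytes_out>"
SAMPLE_LOG = """\
1715400000.101 10.0.0.15 GET http://www.example.com/ 200 512
1715400012.337 10.0.0.15 POST http://b-cointrade.com/sti/gate.php 200 4096
1715400013.004 10.0.0.15 POST http://B-COINTRADE.COM:80/sti/gate.php?x=1 200 1880
1715400020.555 10.0.0.22 POST http://updates.example.net/api/gate.php 200 900
1715400031.009 10.0.0.22 GET http://b-cointrade.com.evil.example/ 200 100
1715400040.000 10.0.0.15 GET http://cdn.example.org/sti/gate.php 404 0
"""


@dataclass
class Hit:
    ts: float
    src: str
    method: str
    url: str
    reason: str
    bytes_out: int


def parse_line(line: str) -> Optional[Tuple[float, str, str, str, int, int]]:
    parts = line.split()
    if len(parts) != 6:
        return None                      # malformed line: skip, never crash the scan
    ts, src, method, url, status, nbytes = parts
    return float(ts), src, method.upper(), url, int(status), int(nbytes)


def classify(method: str, url: str) -> Optional[str]:
    """Reason string if the request looks like C2 traffic for this sample, else None.
    Host is compared exactly (case-folded), so b-cointrade.com.evil.example does
    not match; port and query string are ignored on purpose."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if host == C2_HOST and u.path == C2_PATH:
        return "exact-c2"
    # Heuristic (assumption, not from the report): AZORult delivers its loot
    # with a POST to a gate.php endpoint. Fires on unrelated hosts as well, so
    # hits with this reason need analyst triage rather than automatic blocking.
    if method == "POST" and u.path.lower().endswith("/gate.php"):
        return "gate-php-post"
    return None


def scan(log_text: str) -> List[Hit]:
    hits: List[Hit] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, method, url, _status, nbytes = rec
        reason = classify(method, url)
        if reason:
            hits.append(Hit(ts, src, method, url, reason, nbytes))
    return hits


def exfil_bytes_by_src(hits: List[Hit]) -> Dict[str, int]:
    """Bytes sent to the confirmed C2 per internal host: a rough size of what left."""
    totals: Dict[str, int] = {}
    for h in hits:
        if h.reason == "exact-c2":
            totals[h.src] = totals.get(h.src, 0) + h.bytes_out
    return totals


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"{h.src} {h.method} {h.url} -> {h.reason}")
    print(exfil_bytes_by_src(found))
```

Note what the sample lines are there to show: the upper-cased host with an explicit port and a query string still resolves to the exact C2, a look-alike subdomain does not, and a GET to the same path on another host is not flagged at all.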

Targets

    • Target

      31b9bfaea5d5497f00a7c0ab00d0e47f_JaffaCakes118

    • Azorult

      An information stealer first seen in 2016 that harvests browser history and saved passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a standard step in process hollowing and other code-injection techniques.

MITRE ATT&CK Enterprise v15
