Overview

overview

10

Static

static

3

507385b76c...18.exe

windows7-x64

7

507385b76c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.bin

  • Size

    401KB

  • Sample

    240517-3djbksge4x

  • MD5

    507385b76cdd9b6eb66bd848d5f610e7

  • SHA1

    d42e38e87d70ea197415b25dbcb06c107b7d74b8

  • SHA256

    d1b61efec101357e17ff70f1b7fb937fcea4a4c73ef24d77ed2a484315186c86

  • SHA512

    311aeb502cbcf59beda5f033a9e85dfa1afb2a0d16c90e200c4c1d846ccb46ea5c3b0df69abfee6c2dacfc51ee43e566f8c1bab8a1680e5d8243b5d54dd9c7ff

  • SSDEEP

    6144:aVmt78kc9NuzrYyyTZC9e2HyTkZtOiV64cYl5gR8O2VRrhZMYXPo3:aQJ8ZYyTZ92HyTpiV67bRiZvPM

Score
10/10
azorultagilenetinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://141.105.64.136/lekon/index.php

Targets

    • Target

      507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.bin

    • Size

      401KB

    • MD5

      507385b76cdd9b6eb66bd848d5f610e7

    • SHA1

      d42e38e87d70ea197415b25dbcb06c107b7d74b8

    • SHA256

      d1b61efec101357e17ff70f1b7fb937fcea4a4c73ef24d77ed2a484315186c86

    • SHA512

      311aeb502cbcf59beda5f033a9e85dfa1afb2a0d16c90e200c4c1d846ccb46ea5c3b0df69abfee6c2dacfc51ee43e566f8c1bab8a1680e5d8243b5d54dd9c7ff

    • SSDEEP

      6144:aVmt78kc9NuzrYyyTZC9e2HyTkZtOiV64cYl5gR8O2VRrhZMYXPo3:aQJ8ZYyTZ92HyTpiV67bRiZvPM

    Score
    10/10
    agilenetazorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks