General
-
Target
4f5852d54f7f0333d1b1b5b46b1aa198_JaffaCakes118
-
Size
2.7MB
-
Sample
240517-legqpsbh78
-
MD5
4f5852d54f7f0333d1b1b5b46b1aa198
-
SHA1
4f628db7d626873155ee474d22cea3f78cf563fd
-
SHA256
51d644e7b7d4d80e5404640dfa5f9af5d4b715c61a31f7f7fe43e2a8713d5131
-
SHA512
d9d1d07db8a68c8ea3557a94b6a390d1377d8efa1c9840975b326149a65726cdacec3d1da8b33529f9b22f102e4d8baa5ecf92bb7ab7cba7abf07c14f47e041b
-
SSDEEP
49152:jao4F8of+GqWg/681WE99HS0RucgTyWKsGynvo+VXu4wWMo81veBhO3iH:2F8EJwxWY9HhlgTyLynAKXQUUvOhO3i
Static task
static1
Behavioral task
behavioral1
Sample
4f5852d54f7f0333d1b1b5b46b1aa198_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4f5852d54f7f0333d1b1b5b46b1aa198_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
4f5852d54f7f0333d1b1b5b46b1aa198_JaffaCakes118
-
Size
2.7MB
-
MD5
4f5852d54f7f0333d1b1b5b46b1aa198
-
SHA1
4f628db7d626873155ee474d22cea3f78cf563fd
-
SHA256
51d644e7b7d4d80e5404640dfa5f9af5d4b715c61a31f7f7fe43e2a8713d5131
-
SHA512
d9d1d07db8a68c8ea3557a94b6a390d1377d8efa1c9840975b326149a65726cdacec3d1da8b33529f9b22f102e4d8baa5ecf92bb7ab7cba7abf07c14f47e041b
-
SSDEEP
49152:jao4F8of+GqWg/681WE99HS0RucgTyWKsGynvo+VXu4wWMo81veBhO3iH:2F8EJwxWY9HhlgTyLynAKXQUUvOhO3i
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-