General

Target: 63b4fa12cceff44442c51e7bc4d0b9e0_JaffaCakes118
Size: 1.3MB
Sample: 240521-scs5aahh5z
MD5: 63b4fa12cceff44442c51e7bc4d0b9e0
SHA1: 2eda2403c50d169085b04263f0607003bbebe007
SHA256: dd3079431259f85345c35fe1a440b12354520b1ee0cab2daeab3ce6480f94da0
SHA512: 4818b595f87f2f914f7573130477cf4775a33a717937871ac3dd3a71cb6672ca1a2d4313b8f413e9628245b9f3d383550b37899f74c030766c08d8838e7d3538
SSDEEP: 24576:K5xolYQY6AAHnh+eWsN3skA4RV1Hom2KXMmHanEKUePR/P252:dY6h+ZkldoPK8Yan3k2
Static task: static1

Behavioral task: behavioral1
  Sample: 63b4fa12cceff44442c51e7bc4d0b9e0_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 63b4fa12cceff44442c51e7bc4d0b9e0_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config (extracted)
  Family: azorult
  C2 URL: http://151.106.27.237/index.php
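The extracted config gives one actionable indicator, the C2 gate URL. The script below is an added example (not part of the sandbox report and not Triage tooling) that turns that URL into two things a responder needs: a hunt over proxy-style HTTP logs, distinguishing a full host+path check-in from other traffic to the same IP, and a Suricata rule for the check-in. The log lines, the `<timestamp> <src_ip> <method> <url> <status> <bytes>` format and the sid value are constructed assumptions; only the URL comes from the report.

```python
"""Turn the extracted Azorult C2 URL into hunting logic.

Added example, not part of the report or of Triage's tooling. The log lines
below are constructed; the only real indicator is the URL from the config block.
"""
from typing import Dict, List
from urllib.parse import urlsplit

C2_URL = "http://151.106.27.237/index.php"  # from the extracted config above


def indicator(url: str) -> Dict[str, str]:
    """Split the C2 URL into the pieces a proxy/Zeek log records separately."""
    u = urlsplit(url)
    return {"host": u.hostname or "", "port": str(u.port or 80), "path": u.path or "/"}


def hunt(lines: List[str], url: str) -> List[Dict[str, str]]:
    """Match proxy-log lines of the (assumed) form
       <timestamp> <src_ip> <method> <url> <status> <bytes>
    against the indicator. A host+path match is a check-in; a host-only match
    (different path) is still worth a look because the IP is a single-purpose C2."""
    ioc = indicator(url)
    hits: List[Dict[str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 6:
            continue  # truncated or malformed line: skip it rather than abort the hunt
        ts, src, method, req_url, status, nbytes = parts[:6]
        r = urlsplit(req_url)
        if r.hostname != ioc["host"]:
            continue
        confidence = "high" if (r.path or "/") == ioc["path"] else "medium"
        hits.append({"time": ts, "src": src, "method": method,
                     "url": req_url, "status": status, "confidence": confidence})
    return hits


def suricata_rule(url: str, sid: int = 1000001) -> str:
    """Emit a Suricata (5+ sticky-buffer syntax) rule for the check-in.
    The sid is in the local range and is an assumption; pick your own."""
    ioc = indicator(url)
    return (
        'alert http $HOME_NET any -> any any (msg:"Azorult C2 check-in '
        f'{ioc["host"]}"; flow:established,to_server; '
        f'http.host; content:"{ioc["host"]}"; '
        f'http.uri; content:"{ioc["path"]}"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


# Constructed proxy log: one check-in, one probe of the same host on another
# path, unrelated traffic with the same file name, and a truncated line.
SAMPLE_LOG = [
    "2024-05-21T14:02:13Z 10.0.0.15 POST http://151.106.27.237/index.php 200 1342",
    "2024-05-21T14:02:20Z 10.0.0.15 GET http://151.106.27.237/ 404 211",
    "2024-05-21T14:03:01Z 10.0.0.22 GET http://example.com/index.php 200 5120",
    "2024-05-21T14:03:05Z 10.0.0.15 GET",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG, C2_URL):
        print(hit["confidence"], hit["src"], hit["url"])
    print(suricata_rule(C2_URL))
```

Because the C2 is a bare IP there is no DNS lookup to hunt for; the host match in the HTTP log (or a NetFlow record to 151.106.27.237:80) is the only network artefact, which is why the host-only match is kept as a medium-confidence hit rather than discarded.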
Targets

Target: 63b4fa12cceff44442c51e7bc4d0b9e0_JaffaCakes118
Score: 10/10

Signatures:
- Azorult: an information stealer first seen in 2016 that targets browser history and saved passwords.
- Modifies Winlogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry (Active Setup)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: an AutoIT script compiled into a PE executable.
- Suspicious use of SetThreadContext (the call used to redirect a suspended thread into injected code, a common process-hollowing indicator)
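Three of the signatures above (Winlogon modification, the Run key, and the change to hidden/system file visibility) are registry writes, and the same writes are what a Sysmon EventID 13 feed or a sandbox registry trace shows you on a real host. The script below is an added example (not Triage's signature code and not derived from the sample) that classifies such write events into the ATT&CK techniques the report maps them to. The hive spellings, the file names under AppData and the "noise" event are constructed assumptions; the key paths and default Winlogon values are the stock Windows ones.

```python
"""Map the registry writes behind this report's persistence signatures to ATT&CK.

Added example, not Triage's signature code and not taken from the sample. Input
is a list of registry write events (key, value name, data) as a sandbox trace or
Sysmon EventID 13 would give you; the events below are constructed.
"""
import re
from typing import List, Tuple, Union

RegWrite = Tuple[str, str, Union[str, int]]  # (key path, value name, data)
Finding = Tuple[str, str]                    # (ATT&CK technique id, detail)

WINLOGON = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
EXPLORER_ADVANCED = r"hkcu\software\microsoft\windows\currentversion\explorer\advanced"
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}
# Stock Winlogon values; anything beyond these is a helper launched at every logon.
WINLOGON_DEFAULTS = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}
# Autostarts dropped into user-writable locations are the dropper pattern to flag;
# software under Program Files or System32 is left alone to keep noise down.
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata|users\\public)\\", re.I)


def norm_key(key: str) -> str:
    """Sandboxes and Sysmon spell hives differently; compare in one form."""
    k = key.lower()
    for long, short in (("hkey_local_machine", "hklm"), ("hkey_current_user", "hkcu")):
        k = k.replace(long, short)
    return k.rstrip("\\")


def winlogon_entries(data: str) -> List[str]:
    """Userinit/Shell are comma-separated command lists, possibly quoted."""
    return [e.strip().strip('"').lower() for e in data.split(",") if e.strip()]


def classify(write: RegWrite) -> List[Finding]:
    key, name, data = norm_key(write[0]), write[1].lower(), write[2]
    out: List[Finding] = []
    if key == WINLOGON and name in WINLOGON_DEFAULTS and isinstance(data, str):
        # T1547.004 Winlogon Helper DLL: any non-default entry runs at every logon.
        for entry in winlogon_entries(data):
            if entry not in WINLOGON_DEFAULTS[name]:
                out.append(("T1547.004", f"Winlogon {name} gains helper {entry}"))
    elif key in RUN_KEYS and isinstance(data, str) and USER_WRITABLE.search(data):
        # T1547.001 Registry Run Keys: autostart pointing into a user-writable dir.
        out.append(("T1547.001", f"Run value {name} -> {data}"))
    elif key == EXPLORER_ADVANCED and name in ("hidden", "showsuperhidden"):
        # T1564.001 Hidden Files: any write here is the "modifies visibility"
        # behaviour; Hidden=2 and ShowSuperHidden=0 are the hiding values.
        out.append(("T1564.001", f"Explorer {name} set to {data}"))
    return out


def triage(writes: List[RegWrite]) -> List[Finding]:
    return [f for w in writes for f in classify(w)]


# Constructed trace reproducing the report's signatures; file names are assumptions.
SAMPLE_WRITES: List[RegWrite] = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit",
     r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\svchost.exe"),
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\user\AppData\Local\Temp\upd.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"C:\Windows\system32\SecurityHealthSystray.exe"),          # legitimate, not flagged
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden", 2),
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "ShowSuperHidden", 0),
    (r"HKCU\Software\Microsoft\Notepad", "iWindowPosX", 100),  # unrelated noise
]

if __name__ == "__main__":
    for tid, detail in triage(SAMPLE_WRITES):
        print(tid, detail)
```

The Winlogon check compares against the stock value list rather than looking for a specific file name, so it also catches a helper appended with a legitimate-looking name such as the svchost.exe in the constructed trace; the Run-key check deliberately stays quiet for System32 paths, which is the trade-off to keep it usable across a fleet.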
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)

Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)

Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)