General

  • Target

    63b4fa12cceff44442c51e7bc4d0b9e0_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240521-scs5aahh5z

  • MD5

    63b4fa12cceff44442c51e7bc4d0b9e0

  • SHA1

    2eda2403c50d169085b04263f0607003bbebe007

  • SHA256

    dd3079431259f85345c35fe1a440b12354520b1ee0cab2daeab3ce6480f94da0

  • SHA512

    4818b595f87f2f914f7573130477cf4775a33a717937871ac3dd3a71cb6672ca1a2d4313b8f413e9628245b9f3d383550b37899f74c030766c08d8838e7d3538

  • SSDEEP

    24576:K5xolYQY6AAHnh+eWsN3skA4RV1Hom2KXMmHanEKUePR/P252:dY6h+ZkldoPK8Yan3k2

Malware Config

Extracted

Family

azorult

C2

http://151.106.27.237/index.php

Targets

    • Target

      63b4fa12cceff44442c51e7bc4d0b9e0_JaffaCakes118

    • Size

      1.3MB

    • MD5

      63b4fa12cceff44442c51e7bc4d0b9e0

    • SHA1

      2eda2403c50d169085b04263f0607003bbebe007

    • SHA256

      dd3079431259f85345c35fe1a440b12354520b1ee0cab2daeab3ce6480f94da0

    • SHA512

      4818b595f87f2f914f7573130477cf4775a33a717937871ac3dd3a71cb6672ca1a2d4313b8f413e9628245b9f3d383550b37899f74c030766c08d8838e7d3538

    • SSDEEP

      24576:K5xolYQY6AAHnh+eWsN3skA4RV1Hom2KXMmHanEKUePR/P252:dY6h+ZkldoPK8Yan3k2

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
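Three of the signatures above (Winlogon modification, Run key, hidden/system file visibility) leave traces in a handful of well-known registry locations. The following triage script is an added example and not part of the sandbox report: it parses a `.reg` export (the text produced by `reg export`) from a suspected host and flags the values tied to those behaviours. The registry paths and default values come from general Windows knowledge, not from this sample; the embedded export, and the file names in it, are constructed for illustration.

```python
"""Triage check for Winlogon, Run-key and Explorer hidden-file changes in a .reg export.

Added example, not code from the report. The export below is constructed and
its paths/file names are illustrative; only the registry locations and defaults
are real Windows values.
"""
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
EXPLORER_ADV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

# Stock values; malware typically appends its own path after the default.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# Constructed sample export (not from the analysed sample).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe, C:\\Users\\Public\\svchost.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
"HideFileExt"=dword:00000001
'''

_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    # .reg files escape quotes as \" and backslashes as \\
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text):
    """Return {key_path: {value_name: data}}.

    REG_SZ ("...") is unescaped to a str, REG_DWORD (dword:xxxxxxxx) to an int;
    any other type is kept as the raw right-hand side.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            data = int(data[6:], 16)
        keys[current][name] = data
    return keys


def check_persistence(keys):
    """Return (key, value_name, data, reason) tuples for the flagged behaviours."""
    findings = []
    lower = {k.lower(): v for k, v in keys.items()}  # registry paths are case-insensitive

    wl = lower.get(WINLOGON.lower(), {})
    for name, default in WINLOGON_DEFAULTS.items():
        data = wl.get(name)
        if isinstance(data, str) and data.strip().lower() != default.lower():
            findings.append((WINLOGON, name, data, "Winlogon %s differs from default" % name))

    for rk in RUN_KEYS:
        for name, data in lower.get(rk.lower(), {}).items():
            findings.append((rk, name, data, "Run key entry (review the launched path)"))

    adv = lower.get(EXPLORER_ADV.lower(), {})
    # Hidden: 1 = show hidden files, 2 = hide them. ShowSuperHidden: 0 = hide protected OS files.
    if adv.get("Hidden") == 2:
        findings.append((EXPLORER_ADV, "Hidden", 2, "Explorer set to hide hidden files"))
    if adv.get("ShowSuperHidden") == 0:
        findings.append((EXPLORER_ADV, "ShowSuperHidden", 0, "Explorer set to hide system files"))
    return findings


def triage(reg_text):
    return check_persistence(parse_reg(reg_text))


if __name__ == "__main__":
    for key, name, data, reason in triage(SAMPLE_REG):
        print("%-45s %s\\%s = %r" % (reason, key, name, data))
```

Run it against `reg export HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon winlogon.reg` (and the other two keys) from the host under investigation; a Winlogon `Shell` or `Userinit` that carries an extra path, or a Run entry pointing into a user-writable directory, is what these signatures correspond to on disk.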

MITRE ATT&CK Enterprise v15

Tasks
