General
-
Target
75d2f7e4efad58a372fb044fce8f91cd_JaffaCakes118
-
Size
482KB
-
Sample
240526-r4yneaag56
-
MD5
75d2f7e4efad58a372fb044fce8f91cd
-
SHA1
fbe71d273cf088ff3c2fe8909b554089e75af420
-
SHA256
de223b29b8a873e16fe186d74ba40b3b074a8fae1786ffc0cfb7e8ff10f304cc
-
SHA512
471d55e22eb862838d3b54eb1adb5f5cfa76b8cdad472cae85228a60ea50c301eb87feee3b632e95af44d4853a26269e54451cc3daa59f71e8e94509a5dabc69
-
SSDEEP
12288:8ckIQPmkhhi/U2GdvqjrIXEb5XvHn+2d9hxm0Sn:9sPf26vXG5fnHSn
Malware Config
Extracted
azorult
http://t1t2.xyz/modez/3.2/index.php
Targets
-
-
Target
75d2f7e4efad58a372fb044fce8f91cd_JaffaCakes118
-
Size
482KB
-
MD5
75d2f7e4efad58a372fb044fce8f91cd
-
SHA1
fbe71d273cf088ff3c2fe8909b554089e75af420
-
SHA256
de223b29b8a873e16fe186d74ba40b3b074a8fae1786ffc0cfb7e8ff10f304cc
-
SHA512
471d55e22eb862838d3b54eb1adb5f5cfa76b8cdad472cae85228a60ea50c301eb87feee3b632e95af44d4853a26269e54451cc3daa59f71e8e94509a5dabc69
-
SSDEEP
12288:8ckIQPmkhhi/U2GdvqjrIXEb5XvHn+2d9hxm0Sn:9sPf26vXG5fnHSn
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-