General
-
Target
76b26957b091fd72980a06cb3ba3478c_JaffaCakes118
-
Size
616KB
-
Sample
240526-y1h7waaf6s
-
MD5
76b26957b091fd72980a06cb3ba3478c
-
SHA1
83a89e04483d454bd23230f1af4fbb6ccd460916
-
SHA256
a95a45de6e7e40cb31e5dc7218085d919833e18ba59ed4e198981d2cfe9758dd
-
SHA512
c7cd02618648a985b9dda70eed17be83b5f1899ebae22942fd409f43b50d6c378187d2cba970c1432b7d37493d499e0be82d0ccebca1e3d477a451910dd4b6e0
-
SSDEEP
12288:jh1Lk70TnvjcdxAhBmLUtBrV4m0sL4zWIasc0VOEx0axQL:/k70TrcDA7mLUnu5asv+aC
Static task
static1
Behavioral task
behavioral1
Sample
76b26957b091fd72980a06cb3ba3478c_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
76b26957b091fd72980a06cb3ba3478c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
azorult
http://kas919azor.pw/index.php
Targets
-
Target
76b26957b091fd72980a06cb3ba3478c_JaffaCakes118
-
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-