General
-
Target
84e97baa2648c6871baf9a9ac7021e45_JaffaCakes118
-
Size
2.2MB
-
Sample
240530-v3y5bseh9w
-
MD5
84e97baa2648c6871baf9a9ac7021e45
-
SHA1
2f4c2102c91a99d15d54b118bf257e0047ab7ad9
-
SHA256
246fe8894a13499ab5ba5831ea1977ef5fb356c914a4c19eefea5c352eed558d
-
SHA512
196c789f8df54115e5ae44f759d96ef3944ff289424f9b01fa23e065908d82ba916222f098d0a540f6e808dc00004a40cec5bb72dadddfd0e8eec5042a2ea06c
-
SSDEEP
24576:n3Gu/gXdKJ9wLeDrvuyaUs4001dUPO2zzII8T8wBhAXniNPMUywDDA8uRY9tvmwh:3f9Ik1jn8PRzuF2XiSM8gtvmTL70vb
Malware Config
Extracted
azorult
http://noforcingcarttf.com/index.php
Targets
-
-
Target
84e97baa2648c6871baf9a9ac7021e45_JaffaCakes118
-
Size
2.2MB
-
MD5
84e97baa2648c6871baf9a9ac7021e45
-
SHA1
2f4c2102c91a99d15d54b118bf257e0047ab7ad9
-
SHA256
246fe8894a13499ab5ba5831ea1977ef5fb356c914a4c19eefea5c352eed558d
-
SHA512
196c789f8df54115e5ae44f759d96ef3944ff289424f9b01fa23e065908d82ba916222f098d0a540f6e808dc00004a40cec5bb72dadddfd0e8eec5042a2ea06c
-
SSDEEP
24576:n3Gu/gXdKJ9wLeDrvuyaUs4001dUPO2zzII8T8wBhAXniNPMUywDDA8uRY9tvmwh:3f9Ik1jn8PRzuF2XiSM8gtvmTL70vb
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-