General

  • Target

    8c2e3d87b590b8acdf3b0aa26a3a115b_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240601-3lbayaah4y

  • MD5

    8c2e3d87b590b8acdf3b0aa26a3a115b

  • SHA1

    ee96e21cfa70bb9082a08f1468bae6754778ee38

  • SHA256

    1d82b1e76c9c79da1f563a3b990ad6ef521aa0685694b1e5e5acab2cb843d161

  • SHA512

    99501f6c599f4267d0dc73590b807769ee6032b3d7cf22372a2370e0d6e54502a34e07d3405a599255411cc5f977dfaac2b0f9dbbe5782f139573a96081a376d

  • SSDEEP

    49152:jEfKUv4KjEL7xOIpZ3RHDLfzS34XMXgSh:QRIBZHDLfG3qMX7

Malware Config

Extracted

Family

azorult

C2

http://siteverification.site/azo/gate.php

Targets

    • Target

      8c2e3d87b590b8acdf3b0aa26a3a115b_JaffaCakes118

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
