Overview

overview

10

Static

static

3

89b375b11a...18.exe

windows7-x64

10

89b375b11a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89b375b11a22e342b2d3a23fc64fd72f_JaffaCakes118

  • Size

    739KB

  • Sample

    240601-hya6gsde5z

  • MD5

    89b375b11a22e342b2d3a23fc64fd72f

  • SHA1

    361470a327f354d042991d2e05c99b81dd95cee4

  • SHA256

    b6c584f799db3c039ccc12e00fa5ae920e9d245b61c6377c809d500183e7f4c4

  • SHA512

    f6856a8919edcc7f886651a936b1500b5558e90c5f9b475c04d3677acc4885402426d3df586e9133da3cef881e0482485633a0fd46d2fbf38a7f37090c24000b

  • SSDEEP

    6144:oi6GwW89A84mdnI0uKTWlQitmwdPLWIUMExSuKBEUFTLH8Hc:qX/I0FTWlQjwdPL9D9uKBR6

Score
10/10
azorultagilenetinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

https://losjardinesdejavier.com/admin/32/index.php

Targets

    • Target

      89b375b11a22e342b2d3a23fc64fd72f_JaffaCakes118

    • Size

      739KB

    • MD5

      89b375b11a22e342b2d3a23fc64fd72f

    • SHA1

      361470a327f354d042991d2e05c99b81dd95cee4

    • SHA256

      b6c584f799db3c039ccc12e00fa5ae920e9d245b61c6377c809d500183e7f4c4

    • SHA512

      f6856a8919edcc7f886651a936b1500b5558e90c5f9b475c04d3677acc4885402426d3df586e9133da3cef881e0482485633a0fd46d2fbf38a7f37090c24000b

    • SSDEEP

      6144:oi6GwW89A84mdnI0uKTWlQitmwdPLWIUMExSuKBEUFTLH8Hc:qX/I0FTWlQjwdPL9D9uKBR6

    Score
    10/10
    azorultagilenetinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks