General
Target: 8a2291eba32b328ec2d36c22d2d9b455_JaffaCakes118
Size: 3.2MB
Sample: 240601-l5t4qahe4t
MD5: 8a2291eba32b328ec2d36c22d2d9b455
SHA1: 62c6f1dc63639dd676aa489be7660403cc34f98c
SHA256: b8a595a7097816f18f860d50906234b4f577644e7a90273104bcc0bee95c37b4
SHA512: d841ac0f6069955b1b6f01b3112ad255ca9833f815fcc659b6ad9fbe396544dda7b9906a82a1f3efd08d793115f448da3f21554cd2f54553b8cd8ffd92d1a97f
SSDEEP: 98304:Jviz/27qWGq/TzuqCDl2Ptao7js0k5JANQ:Jviq75/Tzufj0kYNQ
Static task: static1
Behavioral task: behavioral1
Sample: 8a2291eba32b328ec2d36c22d2d9b455_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
azorult
https://kingkredit.ru/public/style_images/master_1/azor/index.php
Targets
Target: 8a2291eba32b328ec2d36c22d2d9b455_JaffaCakes118
Score: 10/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application