Overview

overview

10

Static

static

3

8a3149efdc...18.exe

windows7-x64

7

8a3149efdc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a3149efdc02588d257a287b3230836f_JaffaCakes118

  • Size

    434KB

  • Sample

    240601-mkkvzsaa4w

  • MD5

    8a3149efdc02588d257a287b3230836f

  • SHA1

    6c69f6695caafe6f4f17f5eb933e6e08324608a1

  • SHA256

    667388c6e820ec389caa87ae76cc5a0b11bf53f709ae452b307a123130230f65

  • SHA512

    54473c0a5c89819f09bf12841029c34f3257fd8658700b162d234810452acebf993fb81bb16207db88b2a21c504e3ed5513098b672cf6c690b7478bba72d15c1

  • SSDEEP

    6144:qCh6w0YQB47mkim3+AHfljOgBFDO7SlyYpVYNwKWy/8E4R6iDieTmn:qCvwvA+M9rO2PjdHc8ESPDrTw

Score
10/10
azorultagilenetinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://egonla.futbol/ya/index.php

Targets

    • Target

      8a3149efdc02588d257a287b3230836f_JaffaCakes118

    • Size

      434KB

    • MD5

      8a3149efdc02588d257a287b3230836f

    • SHA1

      6c69f6695caafe6f4f17f5eb933e6e08324608a1

    • SHA256

      667388c6e820ec389caa87ae76cc5a0b11bf53f709ae452b307a123130230f65

    • SHA512

      54473c0a5c89819f09bf12841029c34f3257fd8658700b162d234810452acebf993fb81bb16207db88b2a21c504e3ed5513098b672cf6c690b7478bba72d15c1

    • SSDEEP

      6144:qCh6w0YQB47mkim3+AHfljOgBFDO7SlyYpVYNwKWy/8E4R6iDieTmn:qCvwvA+M9rO2PjdHc8ESPDrTw

    Score
    10/10
    agilenetazorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks