General
-
Target
8cc827a22c2f8f104932d776af313f56_JaffaCakes118
-
Size
2.1MB
-
Sample
240602-d9e7csac79
-
MD5
8cc827a22c2f8f104932d776af313f56
-
SHA1
651f7df50e96433d5dd66f3c2302a14fe4f10fae
-
SHA256
d335f99e06035a36922fbeadbdc912fe8f060baaf4393f7936e7e4e9697c4810
-
SHA512
db31ab4f787a7ed93aff88a8e9a3977d65026918ed91b8a26d937417bfef95aebbe165290df5c19b2b378eeec74023c32386347ab88d53d447324b9c2c4f9ad1
-
SSDEEP
49152:hEfLEUKbhqSNcFoXUGPh7EmhK2QIRe5c0tegUsF8HDnSGmJM:hETE1bNNcSXUGPhVhKlIRe5nHSDSZM
Malware Config
Targets
-
-
Target
8cc827a22c2f8f104932d776af313f56_JaffaCakes118
-
Size
2.1MB
-
MD5
8cc827a22c2f8f104932d776af313f56
-
SHA1
651f7df50e96433d5dd66f3c2302a14fe4f10fae
-
SHA256
d335f99e06035a36922fbeadbdc912fe8f060baaf4393f7936e7e4e9697c4810
-
SHA512
db31ab4f787a7ed93aff88a8e9a3977d65026918ed91b8a26d937417bfef95aebbe165290df5c19b2b378eeec74023c32386347ab88d53d447324b9c2c4f9ad1
-
SSDEEP
49152:hEfLEUKbhqSNcFoXUGPh7EmhK2QIRe5c0tegUsF8HDnSGmJM:hETE1bNNcSXUGPhVhKlIRe5nHSDSZM
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-