General
-
Target
95ad2cee0610fedd1f032bd6d93b41af_JaffaCakes118
-
Size
425KB
-
Sample
240604-vzm8nadh6z
-
MD5
95ad2cee0610fedd1f032bd6d93b41af
-
SHA1
37a1581b576093006342fba152bfc5ab3f7b80a3
-
SHA256
9ed1b1bffe208935010433d163f8d32f7c1a751acc75e847c831c9a365cff6ef
-
SHA512
5472353cba695c61f35512932922b33fe4c7ad2ff2701f8ce754efee74c054e1466faadd9553eac709ae014d6560b982d844f0ed7fef8518c2b48216145917d5
-
SSDEEP
6144:a3RZ4yoFRA5MDCKS+Fvuv3xaW7mDx3PJ21C71hRT0rDS8clw1gWtDcVycV1AEy:aBZ4leSCJ4W7mhPJwCZQHc2NWVy+1d
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Targets
-
-
Target
95ad2cee0610fedd1f032bd6d93b41af_JaffaCakes118
-
Size
425KB
-
MD5
95ad2cee0610fedd1f032bd6d93b41af
-
SHA1
37a1581b576093006342fba152bfc5ab3f7b80a3
-
SHA256
9ed1b1bffe208935010433d163f8d32f7c1a751acc75e847c831c9a365cff6ef
-
SHA512
5472353cba695c61f35512932922b33fe4c7ad2ff2701f8ce754efee74c054e1466faadd9553eac709ae014d6560b982d844f0ed7fef8518c2b48216145917d5
-
SSDEEP
6144:a3RZ4yoFRA5MDCKS+Fvuv3xaW7mDx3PJ21C71hRT0rDS8clw1gWtDcVycV1AEy:aBZ4leSCJ4W7mhPJwCZQHc2NWVy+1d
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-