Overview

overview

10

Static

static

3

962ff6b2e3...18.exe

windows7-x64

10

962ff6b2e3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    962ff6b2e34cd207102842e277b10c64_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240604-zg6phaag5y

  • MD5

    962ff6b2e34cd207102842e277b10c64

  • SHA1

    0127620d97bf4e89cf37712b0ebade5d797b7e4e

  • SHA256

    878cca1c6a0e0a16d7ddd8535241381ed876b182c8cc021acf5e7cc365a6d0b3

  • SHA512

    64312d92a15b48cdfe46954d4e19682b01423d862aa7cfdbccf835725249ace2ea1c6e7ccb26b3af1309e6451fc43162d2be9e093232fecf65a116075c620f76

  • SSDEEP

    98304:FTr26+VBliD4V9rmA3+eOLzLtWsDBLPH0M6XU13spwFVphxxBh7:FTr26a5jrn+eO3LtWIzzq3pEt

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      962ff6b2e34cd207102842e277b10c64_JaffaCakes118

    • Size

      5.0MB

    • MD5

      962ff6b2e34cd207102842e277b10c64

    • SHA1

      0127620d97bf4e89cf37712b0ebade5d797b7e4e

    • SHA256

      878cca1c6a0e0a16d7ddd8535241381ed876b182c8cc021acf5e7cc365a6d0b3

    • SHA512

      64312d92a15b48cdfe46954d4e19682b01423d862aa7cfdbccf835725249ace2ea1c6e7ccb26b3af1309e6451fc43162d2be9e093232fecf65a116075c620f76

    • SSDEEP

      98304:FTr26+VBliD4V9rmA3+eOLzLtWsDBLPH0M6XU13spwFVphxxBh7:FTr26a5jrn+eO3LtWIzzq3pEt

    Score
    10/10
    azorultinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks