Extracted

• • Target

    a2f36ffaaba47ded173db95da644f6d7_JaffaCakes118

  • Size

    7.8MB

  • MD5

    a2f36ffaaba47ded173db95da644f6d7

  • SHA1

    b043c50ad63ec4d666c095404a17c7b9580019f2

  • SHA256

    c9927d4bbb13ca2891655d695af037ffb449eb8e2163053dacf9d59a804d3a9c

  • SHA512

    926a9851f1028081c8e39ee6559a2808e96560c0422e28d1a8ea46d3da2eafbf76535f8b19aa76e1cb90b6c3f93309587c04500516e96910cdc6daadf5669c8d

  • SSDEEP

    196608:sjIIwvgsb87DwQiiFFL4an2L/dfXaI+fVcZ1:13Stl4LL/ZaI1

  Score

  10^/10

  azorultdiscoveryevasioninfostealerpersistencetrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Executes dropped EXE

  • Loads dropped DLL

  • Registers COM server for autorun

    persistence

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2