Extracted

• • Target

    a486e2fffdeaee84a9f9542f3f5468f7_JaffaCakes118

  • Size

    1.6MB

  • MD5

    a486e2fffdeaee84a9f9542f3f5468f7

  • SHA1

    9710faba37afbd9228165dccada61d72e23d1233

  • SHA256

    bc841b86857f1e9557f018b67579c1baf7977ec2109d86cb247c96d0cf52c24d

  • SHA512

    47df2008ba3e6dcced6737cbee3d23c56c2c0bb44ffdc1c8d6ec8acb0e073141a38d6dcd0cde89ee5da20edcc9db094c31c114af2a4f1b712548721dfde42f30

  • SSDEEP

    49152:coLkMFZonKflHWcGd2ThjDptRxgzTKY9Jkb5EqY1Ic5s:rLkMFPl62tnp3xMTKWl1IcG

  Score

  10^/10

  azorultevasioninfostealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2