General

  • Target

    a577a0a898643bc68070a899c2b5f45d_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240613-pchf1axhrb

  • MD5

    a577a0a898643bc68070a899c2b5f45d

  • SHA1

    65a0a3baa98bc1629b6b1e526b9a6f329a2c475d

  • SHA256

    bd6e50992b8d302359fd95c467681e74d8bf0754ebc87c5a654c7976e16ecb66

  • SHA512

    359def7f92b2325474efb6a1855bea17ccdf9aba5d03fde0fc365df6d39205aaed4aec01e308ade7433969fafcd531095adb669928867fafcd61501b4ae85e9b

  • SSDEEP

    24576:FdHPXnvcC964ukjOs1iq8ZqI1IT96tyzU3SWf:F9vvM4sHq9QyIf

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://jatkit.gq/0200-capt2/index.php

Targets

    • Target

      a577a0a898643bc68070a899c2b5f45d_JaffaCakes118

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks