Extracted

• • Target

    8cf6f1c86bb50f5315085e73406a657e_JaffaCakes118

  • Size

    819KB

  • MD5

    8cf6f1c86bb50f5315085e73406a657e

  • SHA1

    be23eddcd67f76f056d74a78d9943b77d937dcb7

  • SHA256

    180cfdc8fc11615d1ba26c31e65c9637a20f80471f28a9a81cce42d64ff2de6e

  • SHA512

    dce5fad10fe1c4722e6cb89346e03ed3e0a1d101fdbb53670583c85f754a03a831b0fff2ef6a8de22021fdaddead16086b06ee077ac34a4cb8b1eeb2f698eb0a

  • SSDEEP

    24576:iQWyz/zAbdJv1UZ18Rx1zFw6d8N3ejqDXsG41X22rh3:iQlzCdJtOsZ+xXslY2

  Score

  10^/10

  azorultdefense_evasiondiscoveryinfostealerpersistencetrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Deobfuscate/Decode Files or Information

    Payload decoded via CertUtil.

    defense_evasion

  • Suspicious use of SetThreadContext

  behavioral1behavioral2