Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
24-08-2024 23:08
Static task
static1
Behavioral task
behavioral1
Sample
bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118.exe
-
Size
145KB
-
MD5
bf9e3feb97deec1f959daae713b28c3d
-
SHA1
c4854df587c3d1219890c2a54422671ac2d8bcff
-
SHA256
43528766dee8221ed470a6e47c84c0cbaf31ce02a8d38766eef8667528a923f0
-
SHA512
240fa68f98ca61ace0cb5637e873f415505764f8c2dc9da31bf9204f7bd6fb74d6e6e5bfa906e7c129b3cf158300cee849d193ef3aa07e01656299ba1ad4a4d8
-
SSDEEP
3072:Zf0/ZFFjpCyVHT5uQ51tdBAxHjt2NnZUZWRoxeFKa7k4d6noHi/S/oYR9:ZfoZFZQEHTsuzS58nZUZcox4Ka049
Malware Config
Extracted
azorult
http://streiro.ru/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118.exe