General

  • Target

    c548ce11e698e058dd93f10830a598fd_JaffaCakes118

  • Size

    488KB

  • Sample

    240827-s2yfasxhjd

  • MD5

    c548ce11e698e058dd93f10830a598fd

  • SHA1

    1030b5fe253e087b2a84c4d8e8a07d5b7f39313f

  • SHA256

    8d707e04a8233293ec48b3bad843363388808911da22e3ceeb6ca340b3044bc8

  • SHA512

    7d75bc0500c2e3aa1860f792a69ca661096b1bd5ec753c8f290c0f188785d13b97634853a94bd2573db1e7319ecc3050d8881e0b05f0aa63e4ba36ee8e85bfb9

  • SSDEEP

    12288:eLcoLmD8td+uQCqHmvHDh0l8asK+TWOndaW7Zvf:eCod1QCfDal8vvPdZ7x

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
