General

  • Target: cd029e33c112b708012d38f23e04e9f6_JaffaCakes118
  • Size: 153KB
  • Sample: 240831-r69tfsyfnp
  • MD5: cd029e33c112b708012d38f23e04e9f6
  • SHA1: 2b155579b45a6121d48b3673ee68902e76f46f71
  • SHA256: 43f97bcde426b7ee438e80e127dfa750b1b3c9a0b1b387b6188f8f0d011b2359
  • SHA512: 4facbb3c2e0196b5f4db1cf8b8f59b0726dde22434015f15c91709683a479f4b49a2fd8907777e7e442555f2069583cc8ccb979fac33ce8124b61d336d622f9d
  • SSDEEP: 3072:UrH42HWGkZ2aMFy0qtlum26GH7pVB5j8vrzabpnVcRC+Szaf8gd5E+uLCi+J+N:iYaW2y0qt0m2B7/Dj02pnVCSzdWE+uLB

Malware Config

Extracted

  • Family: azorult
  • C2: http://ssl.admin.itybuy.it/azs/index.php

Targets

    • Target: loop.exe
    • Size: 252KB
    • MD5: d2eaaf2acb0a9894ba2c8d33d821d693
    • SHA1: 6d1d1bb054a119c0eaa6bb51ba9ecebf4967adb8
    • SHA256: f28b127825a864671be79c6a44a627ef806b5f3b483a65b100ca3b1884c1864c
    • SHA512: c36fe63995d6d4ffb9fb870f6bd373d7c92730986187f43e2c8b231b2d4e11f729339f6f5ba9812be7c55a48b68d7ab51ebb8279ea12d1b5b1489c7a3d5978e4
    • SSDEEP: 6144:tQsOuwyaS3S4409JQI74/PBW7RSd5qDY:+sOJyaIS4rzlERW7R44D
    • Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks