General
-
Target
cd64a2387affb043d0c6fa77875172d3_JaffaCakes118
-
Size
305KB
-
Sample
240831-xhs4pazbne
-
MD5
cd64a2387affb043d0c6fa77875172d3
-
SHA1
9034f522d28ec4d7c14d336183020b63191922c0
-
SHA256
42aff50907aff9750d642f923800a2d2436915126dfb93a80b4483912ebd3d77
-
SHA512
37aa181bc695bf8e511858745113d18332f7b93fc61b9d1445e15f9611f0da5acce55a2f5ab83b39ecc76af55831b680d808eb8b3ae6fd7ed8ecc90e0ad42cca
-
SSDEEP
6144:XZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6LYxiMEeNpiSE5DRDaiT1RNlMz:pANwRo+mv8QD4+0V16OhEeni5RNpXlO
Static task
static1
Behavioral task
behavioral1
Sample
cd64a2387affb043d0c6fa77875172d3_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
cd64a2387affb043d0c6fa77875172d3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
azorult
http://163.172.172.241/4F88736D-67C9-42B2-B024-3FC0B75F4E71/index.php
Targets
-
Target
cd64a2387affb043d0c6fa77875172d3_JaffaCakes118
-
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-