General

  • Target

    cd64a2387affb043d0c6fa77875172d3_JaffaCakes118

  • Size

    305KB

  • Sample

    240831-xhs4pazbne

  • MD5

    cd64a2387affb043d0c6fa77875172d3

  • SHA1

    9034f522d28ec4d7c14d336183020b63191922c0

  • SHA256

    42aff50907aff9750d642f923800a2d2436915126dfb93a80b4483912ebd3d77

  • SHA512

    37aa181bc695bf8e511858745113d18332f7b93fc61b9d1445e15f9611f0da5acce55a2f5ab83b39ecc76af55831b680d808eb8b3ae6fd7ed8ecc90e0ad42cca

  • SSDEEP

    6144:XZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6LYxiMEeNpiSE5DRDaiT1RNlMz:pANwRo+mv8QD4+0V16OhEeni5RNpXlO

Malware Config

Extracted

Family

azorult

C2

http://163.172.172.241/4F88736D-67C9-42B2-B024-3FC0B75F4E71/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks