General
-
Target
cd8f927c6ff9a70c1322cbc1d568dad5_JaffaCakes118
-
Size
1.1MB
-
Sample
240831-zgbt5avamk
-
MD5
cd8f927c6ff9a70c1322cbc1d568dad5
-
SHA1
b74efc3fc28bf9a09f21cc78d67a701c73838ee0
-
SHA256
b0f9c2a39b658ba8bb337ca04e18bddb07170733c10c1698c43183ea6177da5d
-
SHA512
9b8b8a46793394a1069c28481bc449fc9953d0338b6e95282d7c568597176e3e4ac9d093beef42cead9bcc77a1f9b693b976b396c4c5b8d75ba251576fafb87b
-
SSDEEP
24576:vAHnh+eWsN3skA4RV1Hom2KXMmHaEVz5jYzU1HbgD5NVWb+T5:Sh+ZkldoPK8Yaa9jYU1HchCK
Static task
static1
Behavioral task
behavioral1
Sample
cd8f927c6ff9a70c1322cbc1d568dad5_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
cd8f927c6ff9a70c1322cbc1d568dad5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Targets
-
Target
cd8f927c6ff9a70c1322cbc1d568dad5_JaffaCakes118
-
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-