General

  • Target

    cd8f927c6ff9a70c1322cbc1d568dad5_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240831-zgbt5avamk

  • MD5

    cd8f927c6ff9a70c1322cbc1d568dad5

  • SHA1

    b74efc3fc28bf9a09f21cc78d67a701c73838ee0

  • SHA256

    b0f9c2a39b658ba8bb337ca04e18bddb07170733c10c1698c43183ea6177da5d

  • SHA512

    9b8b8a46793394a1069c28481bc449fc9953d0338b6e95282d7c568597176e3e4ac9d093beef42cead9bcc77a1f9b693b976b396c4c5b8d75ba251576fafb87b

  • SSDEEP

    24576:vAHnh+eWsN3skA4RV1Hom2KXMmHaEVz5jYzU1HbgD5NVWb+T5:Sh+ZkldoPK8Yaa9jYU1HchCK

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      cd8f927c6ff9a70c1322cbc1d568dad5_JaffaCakes118

    • Azorult

      An information stealer first seen in 2016 that harvests saved browser passwords and browsing history and sends them to its C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running on machines in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

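The following Python script is an added example and is not part of the sandbox report. It takes the indicators listed above (the four file hashes and the extracted C2 URL) and does two things a responder would typically do with them: hash a suspect file and compare it against the report, and scan proxy log lines for contact with the C2 host, distinguishing a POST to the configured `index.php` endpoint (the beacon shape) from other traffic to that IP. The log line format, client addresses and the sample file bytes are constructed for illustration; only the hashes and the C2 URL come from the report.

```python
"""Match a file and proxy log lines against the indicators in this AZORult report.

Added example, not part of the sandbox report. Hashes and C2 URL are copied
from the report above; the file bytes and log lines below are constructed so
the script runs offline.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "cd8f927c6ff9a70c1322cbc1d568dad5",
    "sha1": "b74efc3fc28bf9a09f21cc78d67a701c73838ee0",
    "sha256": "b0f9c2a39b658ba8bb337ca04e18bddb07170733c10c1698c43183ea6177da5d",
    "sha512": "9b8b8a46793394a1069c28481bc449fc9953d0338b6e95282d7c568597176e3e"
              "4ac9d093beef42cead9bcc77a1f9b693b976b396c4c5b8d75ba251576fafb87b",
}
C2_URL = "http://195.245.112.115/index.php"
C2 = urlparse(C2_URL)  # hostname 195.245.112.115, path /index.php


def hash_bytes(data: bytes) -> dict:
    """Return hex digests for data, keyed by the same algorithm names as REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (avoids four reads of a large sample)."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(digests: dict) -> list:
    """Return the algorithm names whose digest equals the report's value (empty list = no match)."""
    return [alg for alg, val in digests.items() if REPORT_HASHES.get(alg) == val.lower()]


# Constructed proxy log lines (assumed format: client, method, URL, HTTP status).
SAMPLE_LOG = """\
10.0.0.12 GET http://example.com/index.php 200
10.0.0.12 POST http://195.245.112.115/index.php 200
10.0.0.17 GET http://195.245.112.115/ 404
10.0.0.12 POST http://195.245.112.115:80/index.php 200
10.0.0.9 GET http://www.195.245.112.115.example.net/index.php 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(text: str) -> list:
    """Return (line number, client, kind) for every line that touches the C2 host.

    kind is "c2-beacon" for a POST to the configured path (how the sample talks to
    its panel) and "c2-host-contact" for any other request to the same host.
    Matching is on the parsed hostname, so an explicit :80 port still matches and
    a look-alike hostname that merely contains the IP as a substring does not.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, url, _status = m.groups()
        parsed = urlparse(url)
        if parsed.hostname != C2.hostname:
            continue
        kind = "c2-beacon" if (method == "POST" and parsed.path == C2.path) else "c2-host-contact"
        hits.append((lineno, client, kind))
    return hits


if __name__ == "__main__":
    # Constructed placeholder bytes, not the real sample: expect no hash match.
    print("hash match:", matches_report(hash_bytes(b"MZ constructed placeholder")))
    for lineno, client, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"line {lineno}: {client} -> {kind}")
```

Point `hash_file` at a quarantined copy of the sample to confirm it is the file the report describes; a hit on all four algorithms is expected for the genuine sample, while a partial hit would indicate a copy error in the indicators. The log scanner deliberately compares parsed hostnames rather than searching for the IP as a substring, so a `grep` false positive such as the last sample line is not reported.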
MITRE ATT&CK Enterprise v15

Tasks