General

  • Target

    ce4823889c3c5f42ffd5654be87d8ff3_JaffaCakes118

  • Size

    7.5MB

  • Sample

    240906-a848baxfre

  • MD5

    ce4823889c3c5f42ffd5654be87d8ff3

  • SHA1

    1bd997c8492d7eb23ba6040684b51def5a3d9f82

  • SHA256

    f30bb9f65cd66b8ac6518af9bcd5628cc6a21e940a894a0750b3ac913966cf8b

  • SHA512

    c133a7402cb4f35c99ac0d97a414d59201679acf458d418fc87e3a14c124c6792ad2d33c9915042398901e6bbc24b619805a4867b453e65ef7f61358a82822dc

  • SSDEEP

    196608:ACKnhIdB4LC4BgRexpA4O1Xq7pZIBVIAg26FsluEMC/WpsvkCesIGT:DOo4m4iwg/qfDLKEC/WSvkCeH

Malware Config

Extracted

Family

azorult

C2

http://51.15.254.54/index.php
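The hashes in General and the C2 extracted above are the indicators a responder would actually search for. The following script is an added example (not part of the sandbox report): it hashes files on disk against the reported MD5/SHA1/SHA256, and scans a proxy log for requests to the C2, parsing the host out of each URL instead of substring-matching the IP (so a lookalike host such as 51.15.254.540 does not fire). The IOC values are copied from the report; the fixture file and the log lines are constructed.

```python
"""Hunt for this report's IOCs: sample hashes on disk, C2 in a web-proxy log.

Added example, not part of the sandbox report. Hash values and the C2 URL are copied
from the report above; the on-disk fixture and the proxy log lines are constructed.
"""
import hashlib
import os
import re
import tempfile
from urllib.parse import urlsplit

# IOCs copied from the report.
IOC_HASHES = {
    "md5": "ce4823889c3c5f42ffd5654be87d8ff3",
    "sha1": "1bd997c8492d7eb23ba6040684b51def5a3d9f82",
    "sha256": "f30bb9f65cd66b8ac6518af9bcd5628cc6a21e940a894a0750b3ac913966cf8b",
}
C2_URL = "http://51.15.254.54/index.php"
C2_HOST = urlsplit(C2_URL).hostname  # "51.15.254.54"

# Constructed proxy log (squid-like: epoch client method url status bytes), not real traffic.
# Line 4 is a deliberate lookalike host that a naive substring search would flag.
SAMPLE_PROXY_LOG = """\
1725600001.123 10.0.0.12 POST http://51.15.254.54/index.php 200 1432
1725600002.456 10.0.0.12 GET http://example.com/ 200 512
1725600003.789 10.0.0.31 GET http://51.15.254.54/update.bin 404 0
1725600004.012 10.0.0.31 GET http://51.15.254.540/ 200 10
"""
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def file_hashes(path: str) -> dict:
    """Same digests for a file, streamed in 1 MiB chunks so a 7.5 MB sample is read once."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matching_algorithms(hashes: dict) -> list:
    """Algorithms under which the computed digests equal the reported sample's."""
    return [name for name, want in IOC_HASHES.items() if hashes.get(name) == want]


def scan_proxy_log(text: str) -> list:
    """Return (line_no, verdict) for requests to the C2.

    The host is parsed out of the URL rather than substring-matched, so a host like
    '51.15.254.540' or a URL that merely mentions the IP in a query string does not fire.
    'c2-url' is the exact beacon URL from the config; 'c2-host' is any other request
    to the same server.
    """
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        if urlsplit(url).hostname != C2_HOST:
            continue
        hits.append((n, "c2-url" if url == C2_URL else "c2-host"))
    return hits


def run_demo() -> dict:
    """Hash a constructed fixture file, compare to the IOCs, and scan the constructed log."""
    with tempfile.TemporaryDirectory() as tmp:
        fixture = os.path.join(tmp, "fixture.bin")
        with open(fixture, "wb") as fh:
            fh.write(b"abc" * 1000)  # constructed content, not the sample
        h = file_hashes(fixture)
        return {
            "fixture_matches": matching_algorithms(h),  # [] : fixture is not the sample
            "fixture_sha256": h["sha256"],
            "proxy_hits": scan_proxy_log(SAMPLE_PROXY_LOG),
        }


if __name__ == "__main__":
    print(run_demo())
```

Point `file_hashes` at a quarantined file to confirm it is the reported sample; a match on any one algorithm is conclusive, and a mismatch on all three with a similar SSDEEP would indicate a repacked variant rather than this exact build.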

Targets

    • Target

      ce4823889c3c5f42ffd5654be87d8ff3_JaffaCakes118

    • Size

      7.5MB

    • MD5

      ce4823889c3c5f42ffd5654be87d8ff3

    • SHA1

      1bd997c8492d7eb23ba6040684b51def5a3d9f82

    • SHA256

      f30bb9f65cd66b8ac6518af9bcd5628cc6a21e940a894a0750b3ac913966cf8b

    • SHA512

      c133a7402cb4f35c99ac0d97a414d59201679acf458d418fc87e3a14c124c6792ad2d33c9915042398901e6bbc24b619805a4867b453e65ef7f61358a82822dc

    • SSDEEP

      196608:ACKnhIdB4LC4BgRexpA4O1Xq7pZIBVIAg26FsluEMC/WpsvkCesIGT:DOo4m4iwg/qfDLKEC/WSvkCeH

    • Azorult

      An information stealer first seen in 2016. It harvests browser-saved passwords, cookies and browsing history, and cryptocurrency wallet files, and sends them to its C2 over HTTP; for this sample the C2 extracted from the config is http://51.15.254.54/index.php.

    • Checks computer location settings

      Reads the country code configured in the registry (Windows keeps the GeoID under HKCU\Control Panel\International\Geo\Nation). Stealers commonly use this as a geofence, refusing to run on hosts in certain countries, so a sandbox configured with a different locale may see the sample exit early without showing the behaviour below.

    • Event Triggered Execution: Component Object Model Hijacking (T1546.015)

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. In practice this is a write to a per-user CLSID entry (HKCU\Software\Classes\CLSID\{GUID}\InprocServer32 or LocalServer32); the HKCU entry takes precedence over the machine-wide HKLM one, so any process that instantiates that object loads the attacker's module instead. Reads of CLSID keys are normal and not evidence of hijacking; only the write is.

    • Executes dropped EXE

      Runs an executable that it wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that it wrote to disk during the analysis.

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the program is started at every logon.

    • Checks installed software on the system

      Enumerates the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node copy on 64-bit hosts) to list installed software and profile the host.

    • Checks whether UAC is enabled

      Reads EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Drops file in System32 directory

      Writes a file under %SystemRoot%\System32, which normally requires administrator rights.
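Most of the signatures above are registry reads and writes, so they can be re-derived from any registry trace of the sample, not only from this sandbox. The script below is an added example (not the sandbox's signature engine): it maps five of the report's signatures to rules over a Procmon-style CSV trace, distinguishing reads from writes so that the routine reads of Run and CLSID keys that every process performs do not fire the persistence rules. The registry paths are standard Windows locations; the trace and the CLSID in it are constructed placeholders, not values the sample is known to touch.

```python
"""Re-derive this report's registry signatures from a Procmon-style registry trace.

Added example, not part of the sandbox report or its signature engine. Registry paths
are standard Windows locations; the CSV trace is constructed and its CLSID is a placeholder.
"""
import csv
import io
import re
from collections import defaultdict
from dataclasses import dataclass

READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}
WRITE_OPS = {"RegCreateKey", "RegSetValue"}

# (signature name as in the report, operations that count, path pattern)
RULES = [
    ("Checks computer location settings", READ_OPS,
     r"\\Control Panel\\International\\Geo\\Nation$"),            # GeoID, used as a geofence
    ("Checks installed software on the system", READ_OPS,
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),    # Add/Remove Programs entries
    ("Checks whether UAC is enabled", READ_OPS,
     r"\\Policies\\System\\EnableLUA$"),
    ("Adds Run key to start application", WRITE_OPS,                # writes only: reads are noise
     r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$"),
    # Per-user CLSID entries shadow the HKLM ones, so a write here redirects every process
    # that instantiates the object. Reads of CLSID keys are normal and deliberately ignored.
    ("Event Triggered Execution: Component Object Model Hijacking", WRITE_OPS,
     r"^(HKCU|HKEY_CURRENT_USER)\\Software\\Classes\\CLSID\\\{[0-9A-F-]{36}\}"
     r"\\(InprocServer32|LocalServer32|TreatAs)(\\|$)"),
]
COMPILED = [(name, ops, re.compile(pat, re.IGNORECASE)) for name, ops, pat in RULES]


@dataclass(frozen=True)
class Hit:
    row: int        # 1-based data row in the trace
    process: str
    signature: str


def detect(trace_csv: str) -> list:
    """Apply every rule to every row of a Procmon-style CSV export."""
    hits = []
    for row_no, row in enumerate(csv.DictReader(io.StringIO(trace_csv)), 1):
        op, path = row["Operation"], row["Path"]
        for name, ops, pat in COMPILED:
            if op in ops and pat.search(path):
                hits.append(Hit(row_no, row["Process"], name))
    return hits


def summarize(hits) -> dict:
    """Process name -> sorted list of signatures it triggered."""
    by_proc = defaultdict(set)
    for h in hits:
        by_proc[h.process].add(h.signature)
    return {p: sorted(s) for p, s in by_proc.items()}


# Constructed trace. Rows 6 and 7 are benign reads of Run/CLSID keys by other processes
# and must not fire; the GUID is a placeholder, not one the sample is known to use.
SAMPLE_TRACE = r"""Time,Process,PID,Operation,Path,Result
10:01:02.100,sample.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
10:01:02.105,sample.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:01:02.110,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA,SUCCESS
10:01:02.300,sample.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS
10:01:02.350,sample.exe,4120,RegSetValue,HKCU\Software\Classes\CLSID\{DEADBEEF-0000-0000-0000-000000000001}\InprocServer32\(Default),SUCCESS
10:01:02.400,explorer.exe,1234,RegOpenKey,HKCU\Software\Classes\CLSID\{DEADBEEF-0000-0000-0000-000000000001}\InprocServer32,SUCCESS
10:01:02.450,svchost.exe,900,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth,SUCCESS
"""


if __name__ == "__main__":
    for proc, sigs in summarize(detect(SAMPLE_TRACE)).items():
        print(proc, sigs)
```

Feed it a real Procmon export (File > Save as CSV, registry events only) filtered to the sample's PID tree; the read/write split is what keeps explorer.exe and svchost.exe out of the result.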

MITRE ATT&CK Enterprise v15
