Overview

overview

10

Static

static

3

REQUEST FO...ON.exe

windows7-x64

10

REQUEST FO...ON.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddf18ed723e0c9c9159e9a543f679252_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240913-h64srs1cql

  • MD5

    ddf18ed723e0c9c9159e9a543f679252

  • SHA1

    15c25679838feed8c316ff96872d5c724465869c

  • SHA256

    4a40574a5c056ece39864aebaedc8055e5b56de8a053aed08ab21c6419125763

  • SHA512

    32e1256e05b41745df3f6a128b32954272589586afd6cd725dfe2e44dd27ef32c3387a9a68cf14e495602c54755d43fa0ccac58dd9af2b81794a6dac90b950fc

  • SSDEEP

    24576:GKw0rjJZ2a+lQmTeFEypYCEROWmFvJGMJx2308dal7Jl+midRy:GKFPJAa+llaFFdKbmFvwMJe9diJl7ido

Score
10/10
azorultdiscoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://18.197.52.125/index.php

Targets

    • Target

      REQUEST FOR QUOTATION.exe

    • Size

      1.2MB

    • MD5

      e9ca252dd177f5c06f0ce11a0fc51831

    • SHA1

      e7c8015ffae2632f603281f3a2fa4ddd056e953d

    • SHA256

      cadf473faf1d13c235bcb7a919e268de63acc0394d74b6ee10d9c80c59dbbb2d

    • SHA512

      eff64199b2bf9c0b9604cc9b044f42b79ff5ac3506f4208bb476655f0bc4d68aadbd99e979d4d2751fb40eb32861b89233045b3a9f0c0feeede0aef697f17ac4

    • SSDEEP

      24576:dpqP+28AXUldkBbHGM5dzEos0NxHmrs1Bg:/NpNldkBbHlsosOxHQ

    Score
    10/10
    azorultdiscoveryinfostealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks