General
Target: e4e2d2f1abc1345a7cb5bc363889118d_JaffaCakes118
Size: 356KB
Sample: 240916-qx3s4szfpf
MD5: e4e2d2f1abc1345a7cb5bc363889118d
SHA1: 6239d898b66d3ad28f5a416b4ac2c56ed2aef333
SHA256: f9f90dfda62b193b453115f26b1af317a2d1d4bf67d994fd308fb0ef757f86e1
SHA512: 9da11bd910df7d6a0d91f7001d1605992a20dd8cae122dbe45605faa82b793e6c21a28c78e8b4540811b88fc538059ebd0a1b06bfee0fd7749d55209a31fc1b9
SSDEEP: 6144:elalvl+g4Mu/Iuohaf3g/bwHiGjULbGXpTB8K49:e/Ifhars+Xpr4
Static task: static1
Behavioral task: behavioral1
Sample: e4e2d2f1abc1345a7cb5bc363889118d_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: e4e2d2f1abc1345a7cb5bc363889118d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: azorult
http://vitani.tk/disk/index.php
Targets
Target: e4e2d2f1abc1345a7cb5bc363889118d_JaffaCakes118
Size: 356KB
MD5: e4e2d2f1abc1345a7cb5bc363889118d
SHA1: 6239d898b66d3ad28f5a416b4ac2c56ed2aef333
SHA256: f9f90dfda62b193b453115f26b1af317a2d1d4bf67d994fd308fb0ef757f86e1
SHA512: 9da11bd910df7d6a0d91f7001d1605992a20dd8cae122dbe45605faa82b793e6c21a28c78e8b4540811b88fc538059ebd0a1b06bfee0fd7749d55209a31fc1b9
SSDEEP: 6144:elalvl+g4Mu/Iuohaf3g/bwHiGjULbGXpTB8K49:e/Ifhars+Xpr4
Score: 10/10
Azorult
An information stealer first discovered in 2016, targeting browsing history and passwords.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext