General

  • Target

    e6e45c67f2ce89b5b212b6c202d8e303_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240917-qd6qnavdkn

  • MD5

    e6e45c67f2ce89b5b212b6c202d8e303

  • SHA1

    c1592971e40a2324a1db433c8ac718868332b440

  • SHA256

    b41299f66011a48cbf7fb2cc797b27a1c3fdbb8e6eeb4221fd39b2e758711d1a

  • SHA512

    b9b76b51dbe6c215e45d03ecc71a68d324a9178dcee31fe729bbd5f71ee3f7eaa053e0712907f6eb731dedabc573ecc3e2f876878a24c79220aa989a8a227b26

  • SSDEEP

    24576:/AHnh+eWsN3skA4RV1Hom2KXMmHaQ6lTH9JNeILmrQ15:ih+ZkldoPK8YaZjrq2

Malware Config

Extracted

Family

azorult

C2

http://185.195.236.168/1gw3/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks