Extracted

• • Target

    e70a0a2127982ae79c14bdf5d8134d4a_JaffaCakes118

  • Size

    272KB

  • MD5

    e70a0a2127982ae79c14bdf5d8134d4a

  • SHA1

    b659dc011da0583c308a5a1d39d5bcb27fbc0336

  • SHA256

    f570125519d8cfdcc062ca28def97c43066f8ffd1d99e48c9b579ab9a5229dff

  • SHA512

    b81e9099eb1c6b027b189f64ae987f08b9ad8491f586142b970ab6f81bd496f6f9a2e2cee4f7b0e4c69ebf9338702b199983b506f1b521b9ff52b322bb35c482

  • SSDEEP

    3072:wWEJcSWEJcZsASuf9k7vpB41JzndCbPEBmMD/f3yXGsHImgQWOPaCNaCIfWEJc:wWZSWZRf9kE0bY/fCWsHImSTRxWZ

  Score

  10^/10

  azorultdiscoveryinfostealerpersistencetrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2