General

  • Target

    ea8c5f227cabb069c7ce01ffe47d6b60_JaffaCakes118

  • Size

    216KB

  • Sample

    240919-ele25azenb

  • MD5

    ea8c5f227cabb069c7ce01ffe47d6b60

  • SHA1

    a592222b0e9df63e65e022b2de9e837f3c39d6bf

  • SHA256

    58584394a7540f5986b06341fb2e054f8f76960913051d0338859fd048206e5c

  • SHA512

    b27213af74067f65b4bce7d4bbb37dda6531601f0def9138ea5be5ecc6b232016083283b448a72fbbb41625d13e40d1403317680a65ec20d07fdb89a96d121ef

  • SSDEEP

    6144:iTOUxPGXSSP3sqTlwRk5ZWxX+NvQG9gSSzfo2ANvCoZc+KkQ7T:iqUxPCBD+FX0QG9/Szfo2ANvCoZc+Kky

Malware Config

Extracted

Family

azorult

C2

http://tresdaw.xyz/second/PL333/index.php

Targets

    • Target

      ea8c5f227cabb069c7ce01ffe47d6b60_JaffaCakes118


    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that dropped components are not scanned.

    • Suspicious use of SetThreadContext
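The "Command and Scripting Interpreter: PowerShell" signature above is the report's only behavioural detail that translates directly into a detection. The block below is an added example, not part of the sandbox report or of the Azorult sample: it scans PowerShell ScriptBlock text (the field carried by Event ID 4104 when script block logging is on) for Add-MpPreference / Set-MpPreference calls that add Defender exclusions, and for direct writes to the corresponding registry lists. The log lines are constructed for the example. Two edge cases a naive substring match misses are handled: PowerShell parameter names are case-insensitive and may be abbreviated to any unambiguous prefix (so -exclusionpr means -ExclusionProcess), and an ambiguous prefix such as -ExclusionP is reported as ambiguous rather than guessed.

```python
"""Flag PowerShell activity that adds Windows Defender exclusions.

Added example, not part of the sandbox report. Input is a list of constructed
script-block texts; in practice feed the ScriptBlockText of Event ID 4104.
"""
import re
from dataclasses import dataclass

EXCLUSION_KINDS = ("Extension", "Path", "Process")

# Add-/Set-MpPreference and the rest of that single command (stop at ; | or newline).
CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b(?P<args>[^\n;|]*)", re.IGNORECASE)

# Any -Exclusion* parameter. The suffix may be abbreviated, so it is captured and
# resolved against EXCLUSION_KINDS by resolve_kind().
PARAM_RE = re.compile(r"-Exclusion(?P<suffix>[A-Za-z]*)\b", re.IGNORECASE)

# Direct writes to the exclusion lists under the Defender registry key
# (reg.exe, New-ItemProperty, Set-ItemProperty all name the same path).
REGISTRY_RE = re.compile(
    r"Windows Defender\\Exclusions\\(?P<kind>Paths|Extensions|Processes)\b", re.IGNORECASE)
REGISTRY_KIND = {"paths": "Path", "extensions": "Extension", "processes": "Process"}


@dataclass
class Finding:
    line_no: int
    method: str        # "cmdlet" or "registry"
    kinds: tuple       # exclusion kinds the command could add
    ambiguous: bool    # True when an abbreviated parameter matches more than one kind
    text: str


def resolve_kind(suffix):
    """Return every exclusion kind that the (possibly abbreviated) suffix can denote."""
    s = suffix.lower()
    return tuple(k for k in EXCLUSION_KINDS if k.lower().startswith(s))


def scan_script_block(text, line_no=0):
    """Return Findings for one script block: cmdlet-based and registry-based exclusions."""
    findings = []
    for m in CMDLET_RE.finditer(text):
        kinds = []
        ambiguous = False
        for p in PARAM_RE.finditer(m.group("args")):
            resolved = resolve_kind(p.group("suffix"))
            if len(resolved) > 1:
                ambiguous = True
            kinds.extend(resolved)
        if kinds:  # Set-MpPreference without -Exclusion* is not an exclusion change
            findings.append(Finding(line_no, "cmdlet", tuple(dict.fromkeys(kinds)),
                                    ambiguous, m.group(0).strip()))
    for m in REGISTRY_RE.finditer(text):
        kind = REGISTRY_KIND[m.group("kind").lower()]
        findings.append(Finding(line_no, "registry", (kind,), False, text.strip()))
    return findings


def scan_events(blocks):
    """Scan a sequence of script-block texts, numbering them from 1."""
    results = []
    for n, block in enumerate(blocks, start=1):
        results.extend(scan_script_block(block, n))
    return results


# Constructed script blocks for the example (not from the sample).
SAMPLE_SCRIPT_BLOCKS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public" -ExclusionExtension ".exe"',
    "add-mppreference -exclusionpr svchost.exe",          # abbreviated, lower-case
    "Set-MpPreference -ExclusionP C:\\Temp",              # ambiguous prefix (Path/Process)
    'reg add "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths" '
    "/v C:\\Users\\Public\\svc /t REG_DWORD /d 0 /f",
    "Get-MpPreference | Select-Object ExclusionPath",     # benign: reads, adds nothing
    "Set-MpPreference -ScanScheduleDay Everyday",         # benign: no exclusion parameter
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_SCRIPT_BLOCKS):
        flag = " (ambiguous parameter)" if f.ambiguous else ""
        print(f"block {f.line_no}: {f.method} exclusion {'/'.join(f.kinds)}{flag}: {f.text}")
```

Blocks 1 to 4 are flagged and 5 and 6 are not; block 3 is reported with both Path and Process marked ambiguous, which is also how PowerShell itself treats that prefix. Pairing this with Defender's own Event ID 5007 (configuration changed) catches exclusions added by means other than PowerShell.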

MITRE ATT&CK Enterprise v15

Tasks