azorult | b5b22c5196c8dd2e5bf98c2f9f76991a4e47b6928293c1d13595fd6b368273cd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee98be0e390b545742d741a6ab6e06f2_JaffaCakes118.exe
Size

279KB
MD5

ee98be0e390b545742d741a6ab6e06f2
SHA1

b34a13386185a628b4cf5f48ae15b205580a8801
SHA256

b5b22c5196c8dd2e5bf98c2f9f76991a4e47b6928293c1d13595fd6b368273cd
SHA512

9ff94536a20498874479716f4060a7424a40e0bd44fcc3f1e3de18bac078cab02d7d7be0d2f5ac11bf1b0a9f9cd3ae4e49304e1324ac21c17ef0c6f9b509f11e
SSDEEP

6144:bBj57uDaXKm/LI5QPTsw1mMjK48iP2S81svbzHC:37mUpE5Q73HjK+P2S1vn

Score

10^/10

azorult discovery infostealer trojan

Malware Config

Extracted

Family

azorult

http://37.46.150.24/azone/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ee98be0e390b545742d741a6ab6e06f2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ee98be0e390b545742d741a6ab6e06f2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ee98be0e390b545742d741a6ab6e06f2_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2400-3-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2400-2-0x0000000000220000-0x000000000023D000-memory.dmp

Filesize
116KB

Download
memory/2400-1-0x0000000000970000-0x0000000000A70000-memory.dmp

Filesize
1024KB

Download
memory/2400-4-0x0000000000970000-0x0000000000A70000-memory.dmp

Filesize
1024KB

Download
memory/2400-6-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2400-5-0x0000000000400000-0x0000000000892000-memory.dmp

Filesize
4.6MB

Download
memory/2400-10-0x0000000000400000-0x0000000000892000-memory.dmp

Filesize
4.6MB

Download
memory/2400-13-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2400-12-0x0000000000400000-0x0000000000892000-memory.dmp

Filesize
4.6MB

Download