General

  • Target

    eeed405f3209bd54c4fd527ead6b0779_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240921-c755bs1gnk

  • MD5

    eeed405f3209bd54c4fd527ead6b0779

  • SHA1

    463a31fe8d5f37248ee7211e91ba988fe8a9a03b

  • SHA256

    a40fdafd79bca9efe3b14ae56b6a074d58970b1954e5c0bf0412a510f8b4d5cb

  • SHA512

    dfe9d04669a998bef4f1350cfea36f6ef1871c29f4229401ebef29b3460a801245dec01f8b2fd5ec3f23207f671dc754263b2e1825278251bc026510dace138d

  • SSDEEP

    24576:9dHPXnvcC964ukjOs1iq8ZqI1IT96t8mF7dI4Tr9:99vvM4sHq9Q8q7Vt

Malware Config

  • Extracted family

    azorult

  • C2

    http://jatkit.ga/h0l/index.php

Targets

    • Target

      eeed405f3209bd54c4fd527ead6b0779_JaffaCakes118


    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks