General

  • Target: ef8481de1b7ae881dea23cf177aa8c07_JaffaCakes118
  • Size: 626KB
  • Sample: 240921-lmqctawajc
  • MD5: ef8481de1b7ae881dea23cf177aa8c07
  • SHA1: ac02c0e8a8b6120df1faa5dc7650fbca39914cc3
  • SHA256: 87dd7116fceeed579d9ec1e3db66e4395021cbb04256cf091a23da97703b0aa5
  • SHA512: ea064b42f7149aeee517dcf0b17cc4cfe741a642e5fe91dc912eac720adb8d812ba205c9864083bd8acd86fe840157852f54c5bb9dfd1e1e9771ba9d0728079d
  • SSDEEP: 12288:VWcp8wkfBN7LLf50z1S2a3wq4llPsBKsrGFXFAWpgUmRNfyj3:McGfDxO2/4l506FXKfyj

Malware Config

Extracted

  • Family: azorult
  • C2: http://abscete.info/rnest/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks