Overview

overview

10

Static

static

3

f25e541bb0...18.exe

windows7-x64

10

f25e541bb0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-09-2024 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f25e541bb0157f05d92ba046ae3e9560_JaffaCakes118.exe

  • Size

    217KB

  • MD5

    f25e541bb0157f05d92ba046ae3e9560

  • SHA1

    d36cbcd378c4212efac3f49568720a2b98f23902

  • SHA256

    5a3675df4267c5c7480b11d7f6f71a4720d718820744470b4f07736fb19def3e

  • SHA512

    844f57eea0963c82ec91c2bf60718c4d3977a8669965cf264ef6898e0b36fc287ee675073b2e9ad5cb9e1bb519ca10b0fd4d107d0d60f0fff5b1bd31bbf40b39

  • SSDEEP

    6144:Or02KkuDqqTgydksFq0WOYq7H1AugeY1:y0sM/4sFgq7H1AAY1

Score
10/10
azorultdiscoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://217.8.117.24/FF621070-FFBC-431C-A6E3-E1BEAD7A3F09/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f25e541bb0157f05d92ba046ae3e9560_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f25e541bb0157f05d92ba046ae3e9560_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3760-0-0x00000000021C0000-0x00000000021F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3760-1-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3760-2-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3760-3-0x00000000021C0000-0x00000000021F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3760-4-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download