Extracted

• • Target

    fc973cbac8e6c4fed818e1266862b18c_JaffaCakes118

  • Size

    1.8MB

  • MD5

    fc973cbac8e6c4fed818e1266862b18c

  • SHA1

    a2420a8d7916d420e3f69d39c6a8892fbbf3a020

  • SHA256

    48dfca30e793c613e9b56746f74408017a634fbc196b0f0eeea621ff89c5268d

  • SHA512

    0d40206a13719070c0736d5de3932b9a6870eff220028ed3baaa8ffd3bc29e853bfa2391b0eba7eeb7ad1ba8d1473da257139619623b8f664590ccfa84c495f6

  • SSDEEP

    49152:cE6wpGMVLa1VTn/g0Od3IylIELsXrDMK43:cYx4Xn/gJxIy6xXrIK4

  Score

  10^/10

  azorultdiscoveryevasioninfostealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2