Analysis
-
max time kernel
1790s -
max time network
1608s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
03-10-2024 23:17
Static task
static1
Behavioral task
behavioral1
Sample
0f6f163d19df558e01d3edd0c6f64604_JaffaCakes118.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
0f6f163d19df558e01d3edd0c6f64604_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
0f6f163d19df558e01d3edd0c6f64604_JaffaCakes118.exe
-
Size
322KB
-
MD5
0f6f163d19df558e01d3edd0c6f64604
-
SHA1
03d66cf249c2445c539286f0ed2a4e93387c2e8e
-
SHA256
084fec54089b798a4eafa125383f09f1cdad29740f811fb531910ada45e240b4
-
SHA512
70b69cf6f3433751ec1e29422fdab30026dea92987e17415f821b0a04a9a1c74f748e645ec2e60240fa923e398696c348d9992db3febbbd37ee8bad7c33b1e75
-
SSDEEP
6144:I0+wdxKvZVIyMVCoIvKP2YMreWcJH0cEhWLWl5w:UwdwXIyAhhP2YMDcScEccy
Malware Config
Extracted
azorult
http://203.159.80.211/owe/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
0f6f163d19df558e01d3edd0c6f64604_JaffaCakes118.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0f6f163d19df558e01d3edd0c6f64604_JaffaCakes118.exe