General
-
Target
681907ceb507d20b365234373ad52ab2_JaffaCakes118
-
Size
3.3MB
-
Sample
241022-ayyyjswepd
-
MD5
681907ceb507d20b365234373ad52ab2
-
SHA1
59c35266969bbaedf1a804889dc634c799f30940
-
SHA256
045c1417c4ab506860fa6fea296a6774c7f46bb609fba26774049e3c0dae860a
-
SHA512
87a38add3a62e4c971c1a48cf3e5f8ecf8e5b04179b5d6a056cab6d5f88741b2d5fe3e8a8a77169139cbf81b5e19deea527142c56679bc75e545c36118dbd34a
-
SSDEEP
98304:pAI+sFKC2fMM/t0W36s3XbbwMWAiKXCHhQ9t6S9IG:itsbM1RKs3XBTCHhG6SOG
Malware Config
Targets
-
-
Target
681907ceb507d20b365234373ad52ab2_JaffaCakes118
-
Size
3.3MB
-
MD5
681907ceb507d20b365234373ad52ab2
-
SHA1
59c35266969bbaedf1a804889dc634c799f30940
-
SHA256
045c1417c4ab506860fa6fea296a6774c7f46bb609fba26774049e3c0dae860a
-
SHA512
87a38add3a62e4c971c1a48cf3e5f8ecf8e5b04179b5d6a056cab6d5f88741b2d5fe3e8a8a77169139cbf81b5e19deea527142c56679bc75e545c36118dbd34a
-
SSDEEP
98304:pAI+sFKC2fMM/t0W36s3XbbwMWAiKXCHhQ9t6S9IG:itsbM1RKs3XBTCHhG6SOG
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1