General

  • Target

    799667af57a95a533d10863a658c30bb_JaffaCakes118

  • Size

    688KB

  • Sample

    241028-pfd8razakl

  • MD5

    799667af57a95a533d10863a658c30bb

  • SHA1

    952615061f288c135f73c7d25cf4f1f10217b7a8

  • SHA256

    c74313aab2a5ab68bd3645525e6a2187d20281b8874edecbbdcc8f9ebcb97fed

  • SHA512

    6a215ba28aff45d85e83e7935d37786839c0cd495583ce9150ddd5bc4266e62a4daef299aedd7880952562b1e596999fc6cb1f079258420e83ac2fd9907cb6ef

  • SSDEEP

    12288:9Qnk3GDYKGcblfxTLWFNThvEjjZobhBrLq8PlCIur/xg4nAOoW6n0zi:HAOcZZTLWvNkenrLqF/n760zi

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php
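The extracted configuration gives two kinds of indicators a responder can act on immediately: the C2 URL above and the file hashes in the General section. The following is an added example (not code from the report or the sandbox vendor) that turns both into a small offline checker: it matches proxy log lines against the C2 host and path, distinguishing the exact gate URL from other traffic to the same IP, and compares a file's digests against the report's MD5/SHA1/SHA256. The proxy log format and its lines are constructed for the example; the HTTP method and status codes are assumptions, since the report does not record how the sample contacted its C2.

```python
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report above.
AZORULT_C2_URL = "http://195.245.112.115/index.php"
SAMPLE_HASHES = {
    "md5": "799667af57a95a533d10863a658c30bb",
    "sha1": "952615061f288c135f73c7d25cf4f1f10217b7a8",
    "sha256": "c74313aab2a5ab68bd3645525e6a2187d20281b8874edecbbdcc8f9ebcb97fed",
}

_c2 = urlsplit(AZORULT_C2_URL)
C2_HOST = _c2.hostname   # "195.245.112.115"
C2_PATH = _c2.path       # "/index.php"

# Constructed proxy log in a "timestamp client method url status" layout.
# These lines are invented for the example; they are not from the sandbox run.
SAMPLE_PROXY_LOG = """\
1730100001.123 10.0.0.15 POST http://195.245.112.115/index.php 200
1730100002.456 10.0.0.22 GET http://example.com/ 200
1730100003.789 10.0.0.15 POST http://195.245.112.115:80/index.php 200
1730100004.001 10.0.0.31 GET http://195.245.112.115/static/logo.png 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_url(url):
    """Return 'c2' for the exact Azorult gate (host + path, default port
    ignored), 'c2-host' for any other URL on the C2 IP, or None."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    if parts.path == C2_PATH:
        return "c2"
    return "c2-host"


def scan_proxy_log(text):
    """Parse each log line and return the entries that touch the C2 host.
    Lines that do not fit the expected layout are skipped, not errored."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "url": m["url"],
                "verdict": verdict,
            })
    return hits


def hash_sample(data):
    """Compute the same digests the report lists for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_report(data):
    """True only if every listed digest of `data` equals the report's value."""
    return hash_sample(data) == SAMPLE_HASHES


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit["ts"], hit["client"], hit["verdict"], hit["url"])
    # Pass real sample bytes here to verify a retrieved file against the report.
    print("empty input matches report:", matches_report(b""))
```

Matching on the parsed hostname and path rather than the raw string keeps the check robust to an explicit `:80` or a differently cased scheme, while the separate `c2-host` verdict preserves the weaker but still useful signal of any other contact with the C2 address.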

Targets

    • Target

      799667af57a95a533d10863a658c30bb_JaffaCakes118


    • Azorult

      An information stealer first seen in 2016 that harvests browsing history and saved passwords.

    • Azorult family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks