General

  • Target

    e1c8d0afd5ec33df1387005d9dbc05c4_JaffaCakes118

  • Size

    503KB

  • Sample

    241211-ra8lhszlgr

  • MD5

    e1c8d0afd5ec33df1387005d9dbc05c4

  • SHA1

    cd194c25a1f5de5b31dd9677ae71ff7163501033

  • SHA256

    8995dae8e15f5b409b26faff46500b8b2e05882776c01d70c9ea2e2d0cc6e2bc

  • SHA512

    e9269fc012ca9e7781147b18c5e13fe03b9ee0cf0624278c74e0baf6c774438d8d87f8c8d07d44e28dc575bf74875cba37d7782c7de80614966be5979ceb9d62

  • SSDEEP

    12288:51ltVpy6g/HAO3bblpB6UMj1ZEJKGaCaFsDdULn:LV7fOr30yKGaFpLn

Malware Config

Extracted

Family

azorult

C2

http://193.247.144.166/index.php

Targets

    • Target

      Product Order List.exe

    • Size

      650KB

    • MD5

      ed0036978d1f0d13c67c94edc283e131

    • SHA1

      5176e4a336fce9a98fb19d3fcb43c3510dc85f64

    • SHA256

      a18751ed6b5abd2fa637e0d4aa4eb794ee98b00e631c0fd2a4f92e9aeeca53e5

    • SHA512

      26724f913b8e51fd883ba74f298429fa17ac367c02d6437f271eca670f3243fc4a86713fc80a2c759bb43366390bd32bc6fb3485baebb7ece36d4a7edf37a88c

    • SSDEEP

      12288:VV0WtzPtYaer5hxPY3bvl/ZeUEjZZaJ8SsBdYaer:VV0WVMr5TYLFUa8SsSr

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks