General

  • Target

    e3dc508670f076a7e305071e9733409b_JaffaCakes118

  • Size

    3.7MB

  • Sample

    241212-apxn5atnb1

  • MD5

    e3dc508670f076a7e305071e9733409b

  • SHA1

    aa4c5d0bfe9e48cf4393484c35139a5a08d8910a

  • SHA256

    4d5591da3e84c64b95ae690dabda3b6a2c404dd73cad3db852abf6fc31fbebad

  • SHA512

    2c1f832bcd268a7b42d2183f248b6635ac40afc64aaffdccbfa0e45b810353dce8484a6fc3b1280e1bddc9fc456ddca67eaed3feacb71077ff76d2d2dd566850

  • SSDEEP

    98304:HAYRWJ3guzrI7fiL9tgZZEkpDwyPVg1b3QOQYRitH0RSXJgGCnUMW8BMHDWXN:HPWLr3gzNPPVg1brJRitJ5gHD7mO

Malware Config

Extracted

Family

azorult

C2

https://livdecor.pt/work/Panel/index.php

Targets

    • Target

      e3dc508670f076a7e305071e9733409b_JaffaCakes118

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks