General
-
Target
e3dc508670f076a7e305071e9733409b_JaffaCakes118
-
Size
3.7MB
-
Sample
241212-apxn5atnb1
-
MD5
e3dc508670f076a7e305071e9733409b
-
SHA1
aa4c5d0bfe9e48cf4393484c35139a5a08d8910a
-
SHA256
4d5591da3e84c64b95ae690dabda3b6a2c404dd73cad3db852abf6fc31fbebad
-
SHA512
2c1f832bcd268a7b42d2183f248b6635ac40afc64aaffdccbfa0e45b810353dce8484a6fc3b1280e1bddc9fc456ddca67eaed3feacb71077ff76d2d2dd566850
-
SSDEEP
98304:HAYRWJ3guzrI7fiL9tgZZEkpDwyPVg1b3QOQYRitH0RSXJgGCnUMW8BMHDWXN:HPWLr3gzNPPVg1brJRitJ5gHD7mO
Behavioral task
behavioral1
Sample
e3dc508670f076a7e305071e9733409b_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
e3dc508670f076a7e305071e9733409b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
https://livdecor.pt/work/Panel/index.php
Targets
-
-
Target
e3dc508670f076a7e305071e9733409b_JaffaCakes118
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-