General

  • Target

    f08d59d9c29c1fe1a34bc2f7819a53c6_JaffaCakes118

  • Size

    3.7MB

  • Sample

    241214-y9c28atkav

  • MD5

    f08d59d9c29c1fe1a34bc2f7819a53c6

  • SHA1

    7b5e3ec2ea667fbc0c9e64545c610476c4f4666f

  • SHA256

    93d14e5716f61893fafbfc23a68a651bbf5aece088d2a865927c82cfde308ce5

  • SHA512

    95268ef39aebf4db01b8698aa33bd69d5afffb400ce7d3394adfec983fcc9a8066f8d435fae87ccb1afb26034b9e5e8b244af564bb848e18b0bd803d82662b22

  • SSDEEP

    98304:3AYRWJ3guzrI7fiL9tgZZEkpDwyPVg1b3QOQYRitH0RSXJgGCnUMW8BMHDWXN:3PWLr3gzNPPVg1brJRitJ5gHD7ma

Malware Config

Extracted

Family

azorult

C2

https://livdecor.pt/work/Panel/index.php

Targets

    • Target

      f08d59d9c29c1fe1a34bc2f7819a53c6_JaffaCakes118

    • Size

      3.7MB

    • MD5

      f08d59d9c29c1fe1a34bc2f7819a53c6

    • SHA1

      7b5e3ec2ea667fbc0c9e64545c610476c4f4666f

    • SHA256

      93d14e5716f61893fafbfc23a68a651bbf5aece088d2a865927c82cfde308ce5

    • SHA512

      95268ef39aebf4db01b8698aa33bd69d5afffb400ce7d3394adfec983fcc9a8066f8d435fae87ccb1afb26034b9e5e8b244af564bb848e18b0bd803d82662b22

    • SSDEEP

      98304:3AYRWJ3guzrI7fiL9tgZZEkpDwyPVg1b3QOQYRitH0RSXJgGCnUMW8BMHDWXN:3PWLr3gzNPPVg1brJRitJ5gHD7ma

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks