Overview

overview

10

Static

static

3

f9f9fa5310...18.exe

windows7-x64

10

f9f9fa5310...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9f9fa53109dc77ef7fbd09e2a96cd63_JaffaCakes118.exe

  • Size

    272KB

  • MD5

    f9f9fa53109dc77ef7fbd09e2a96cd63

  • SHA1

    4e3a42e4712eb3da48da89776d745a8dbabd6115

  • SHA256

    a98715b59bdc8e8246e4b65f71685135de92cef54dc3f7a94cdab4028c51ffed

  • SHA512

    af0cb955f7c4b3187e6a290d5758d7e687d21613101c6b9e9d322d7dddf3ae3e72bb248f383740a42be012e29adfaa8c3709418c06b1b929c0a5bbb7de3136ab

  • SSDEEP

    3072:QwUJ6F+B9J5nID0kG0UHocyJCZ0tMeFqKRfwuSLY:7dF+BJm0xHocyJvTUKqu

Score
10/10
azorultdiscoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://188.68.208.172/p/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Azorult family
    azorult
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9f9fa53109dc77ef7fbd09e2a96cd63_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f9f9fa53109dc77ef7fbd09e2a96cd63_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2188-1-0x00000000002B0000-0x00000000003B0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2188-2-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2188-3-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2188-4-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download