General

  • Target

    fb6f5f001a8d1804b737094750fa9cfd_JaffaCakes118

  • Size

    401KB

  • Sample

    241218-n24j4axpfv

  • MD5

    fb6f5f001a8d1804b737094750fa9cfd

  • SHA1

    fe961afc554dfff87f547b2eeab267f6f456f4c1

  • SHA256

    596909a78a8bef1fccd151f167bfd16ae4f69e3eed434b019181d8e69fa6b963

  • SHA512

    f9fa9d11b6c0b03845f4f93a387fdad85349e279faa5ff3b2968b202a78a5395614be0de2da031f203077db2dc90ad39be411240384f12d591011fad66828c41

  • SSDEEP

    6144:/gw4PadcwDOk61BvA4n9qYNI2gOWj4Af8:an8Ok6rvA4n95NI2gDj3

Malware Config

Extracted

Family

azorult

C2

http://stastports.com/mag/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks