General
-
Target
fb6f5f001a8d1804b737094750fa9cfd_JaffaCakes118
-
Size
401KB
-
Sample
241218-n24j4axpfv
-
MD5
fb6f5f001a8d1804b737094750fa9cfd
-
SHA1
fe961afc554dfff87f547b2eeab267f6f456f4c1
-
SHA256
596909a78a8bef1fccd151f167bfd16ae4f69e3eed434b019181d8e69fa6b963
-
SHA512
f9fa9d11b6c0b03845f4f93a387fdad85349e279faa5ff3b2968b202a78a5395614be0de2da031f203077db2dc90ad39be411240384f12d591011fad66828c41
-
SSDEEP
6144:/gw4PadcwDOk61BvA4n9qYNI2gOWj4Af8:an8Ok6rvA4n95NI2gDj3
Static task
static1
Behavioral task
behavioral1
Sample
fb6f5f001a8d1804b737094750fa9cfd_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fb6f5f001a8d1804b737094750fa9cfd_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
azorult
http://stastports.com/mag/index.php
Targets
Target
fb6f5f001a8d1804b737094750fa9cfd_JaffaCakes118
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-